Published:2017/09/20  Last Updated:2017/09/20

JVNVU#93240386
Multiple vulnerabilities in ServerProtect for Linux

Overview

ServerProtect for Linux provided by Trend Micro Incorporated contains multiple vulnerabilities.

Products Affected

  • ServerProtect for Linux prior to Version 3.0 CP 1531

Description

ServerProtect for Linux provided by Trend Micro Incorporated contains multiple vulnerabilities.

Impact

A successful man-in-the-middle attack may cause a specially crafted file prepared by an attacker being downloaded and executed. As a result, arbitrary code may be executed.

Solution

Apply the Patch
Apply the patch according to the information provided by the developer.
The developer has released ServerProtect for Linux Version 3.0 CP 1531 to address this vulnerability.

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
Trend Micro Incorporated and JPCERT/CC coordinated.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2017-9032
CVE-2017-9033
CVE-2017-9034
CVE-2017-9035
CVE-2017-9036
CVE-2017-9037
JVN iPedia