<<<>>>
Trend Micro, Inc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ServerProtect 5.58 for Windows NT/2000/2003
Security Patch 2 - Build 1174
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Contents
===================================================================
1. Overview of this Security Patch Release
   1.1 Files Included in this Release
2. What's New
   2.1 Resolved Known Issues (From previous versions)
3. Documentation Set
4. System Requirements
5. Installation/Un-installation
6. Post-Installation Configuration
7. Known Issues
8. Release History
9. Contact Information
10. About Trend Micro
11. License Agreement
===================================================================

1. Overview of this Security Patch Release
========================================================================
Some ServerProtect modules (stcommon.dll, eng50.dll, earthagent.exe,
AgRpcCln.dll) have buffer overflow defects that can be exploited
remotely using RPC. These defects allow attackers to run malicious code
under the system account.

1.1 Files Included in This Release
=====================================================================
Module             Filename               Build No.
*NT Server*        admin.exe              5.58 build 1174
                   adm_enu.dll            5.58 build 1174
                   AgentClient.dll        5.58 build 1174
                   cert5.db
                   ciussi32.dll           2.0 build 1026
                   EarthAgent.exe         5.58 build 1174
                   Eng50.dll              5.58 build 1174
                   EventMsg2.dll          5.58 build 1174
                   Logdb.dll              5.58 build 1174
                   LogDbTool.dll          5.58 build 1174
                   LogViewer.exe          5.58 build 1174
                   LogMaster.dll          5.58 build 1174
                   Notification.dll       5.58 build 1174
                   Patch.exe              2.80 build 2014
                   patchbld.dll           5.1.0.0
                   Patchw32.dll           5.1.0.0
                   ScanNow.exe            5.58 build 1174
                   SpntSvc.exe            5.58 build 1174
                   Spuninst.exe           5.58 build 1174
                   StCommon.dll           5.58 build 1174
                   StHotfix.exe           5.58 build 1174
                   Stopp.exe              5.58 build 1174
                   StRpcCln.dll           5.58 build 1174
                   StRpcSrv.dll           5.58 build 1174
                   StUpdate.exe           5.58 build 1174
                   TmEng.dll              6.80 build 1034
                   Tmnotify.dll           1.0 build 1174
                   Tmopp.dll              5.58 build 1063
                   TmRpcSrv.dll           5.58 build 1174
                   Tmupdate.dll           2.80 build 2014
                   AuConfig.exe           1.0
                   SP5NSLST.ini
                   TSC.ini
                   x500.db
                   hotfix.ini
                   tmsp.mib
*NetWare Server*   lprotect.nlm           5.58 build 1174
                   pscan.nlm              5.58 build 1174
*CMAgent Files*    EN_Utility.dll         1.0 build 1355
                   Entitymain.exe         1.0 build 1356
                   LibEN_CM.dll           1.0 build 1364
                   libEN_Logger.dll       1.0 build 1355
                   libEN_Product.dll      2.52 build 1053
                   xerces-c_1_7_0.dll     1.7

2. What's New
========================================================================

2.1 Resolved Known Issues (From previous versions)
=====================================================================
2.1.1 The following vulnerability issues are fixed in this build:

      - The RPC call to function CMON_NetTestConnection (in module
        stcommon.dll) has a buffer overflow issue.
      - The RPC call to RPCFN_ActiveRollback (in module stcommon.dll)
        has a buffer overflow issue.
      - The RPC call to function ENG_SetRealTimeScanConfigInfo (in
        module eng50.dll) has a buffer overflow issue.
      - The RPC call to function ENG_SendEmail (in module eng50.dll)
        has a buffer overflow issue.
      - The RPC call to RPCFN_EVENTBACK_Online (in module
        earthagent.exe) has a buffer overflow issue.
      - Function CreateBinding in AgRpcCln.dll has a buffer overflow
        issue.

2.1.2 Virus log has an increased file name length limit (previously 86
      characters). The limit has been extended to the maximum Windows
      can support.

2.1.3 When ServerProtect performs manual pattern duplication from AU
      server, the earthagent.exe process may use too many socket
      resources. Now the maximum socket resource usage is around 250.

3. Documentation Set
========================================================================
o Readme.txt -- basic installation, known issues

Electronic versions of the printed manuals are available at:
http://www.trendmicro.com/download

4. System Requirements
========================================================================
No special requirements for installing this security patch.

5. Installation/Un-installation
========================================================================
1. Copy the spnt_558_win_en_securitypatch2.exe to a temporary folder on
   the ServerProtect Information Server.
2. Make sure that the ServerProtect Management Console is not running.
3. Execute spnt_558_win_en_securitypatch2.exe and follow the
   instructions to install the Quarterly Patch.

The Information Server will deploy the Quarterly Patch to NT Normal
Servers 30 seconds after installation is complete, and then it will
restart ServerProtect services.

If after the deployment you want to roll back to the original files,
you can find the backup files with extension name "bak" in the
ServerProtect home directory. To restore, just rename the backup files
to the original filename.

Before you can roll back, issue the following shell commands to stop
all ServerProtect services:

    net stop spntsvc
    net stop earthagent
    net stop "TrendMicro Infrastructure"

After rollback is done, issue the following commands to start
ServerProtect services:

    net start spntsvc
    net start earthagent
    net start "TrendMicro Infrastructure"

Note: If the installation fails or if it does not complete
successfully, check the TMPatch.log under the system root and contact
Trend Micro technical support for troubleshooting. Refer to section 9
for contact information.

Note: Trend Micro recommends that you update your scan engine and virus
pattern files immediately after installing the product.

Note: Register online with Trend Micro within 30 days of installation
to continue downloading new pattern files and product updates from the
Trend Micro Web site. Register during installation, or online at:
http://olr.trendmicro.com/

6. Post-Installation Configuration
========================================================================
For known issue 2.1.2, remove the old spntlog.dbf and spntLog.cdx files
to make the enhancement take effect. Stop the spntsvc service before
removing these two files.

7. Known Issues
========================================================================
a. Close the Management Console before applying the Quarterly Patch;
   otherwise the patch installation will fail.
b. Do not install ServerProtect Normal server and an OSCE client on the
   same machine.
c. After this patch is applied, the pattern update progress bar shown
   may not accurately reflect the actual progress.

8. Release History
========================================================================
See the following website for more information about updates to this
product:
http://www.trendmicro.com/download

9. Contact Information
========================================================================
A license to the Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support for
one (1) year from the date of purchase only. After the first year,
Maintenance must be renewed on an annual basis at Trend Micro's
then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at:
http://www.trendmicro.com

Evaluation copies of Trend Micro products can be downloaded from our
Web site.

Global Mailing Address/Telephone numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For global contact information in the Asia/Pacific region, Australia
and New Zealand, Europe, Latin America, and Canada, refer to:
http://www.trendmicro.com/en/about/overview.htm

The Trend Micro "About Us" screen displays. Click the appropriate link
in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.

10. About Trend Micro
========================================================================
Trend Micro, Inc. provides virus protection, anti-spam, and
content-filtering security products and services. Trend Micro allows
companies worldwide to stop viruses and other malicious code from a
central point before they can reach the desktop.

Copyright 2007, Trend Micro Incorporated. All rights reserved. Trend
Micro, the t-ball logo, ServerProtect are trademarks of Trend Micro
Incorporated and are registered in some jurisdictions. All other marks
are the trademarks or registered trademarks of their respective
companies.

11. License Agreement
========================================================================
Information about your license agreement with Trend Micro can be viewed
at: http://www.trendmicro.com/en/purchase/license/

Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Getting Started Guide or
  Administrator's Guide
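
The rollback described in section 5 (stop the three services, rename the "bak" files back, start the services again) as one batch file. This is an added example, not part of the Trend Micro readme. It assumes SPNT_HOME (a placeholder path) is the ServerProtect home directory, that each backup is named <original filename>.bak, and it uses a hypothetical patched_1174 folder to hold the patched files.

```batch
@echo off
rem Added example, not part of the Trend Micro readme.
rem Assumptions: SPNT_HOME is a placeholder for the ServerProtect home directory,
rem and each backup is named <original filename>.bak (for example StCommon.dll.bak).
setlocal
set "SPNT_HOME=C:\PLACEHOLDER\ServerProtect"
set "KEEP_DIR=%SPNT_HOME%\patched_1174"

if not exist "%SPNT_HOME%\*.bak" (
    echo No .bak files in "%SPNT_HOME%" - nothing to roll back.
    exit /b 1
)

rem Stop the services first so the modules are not locked.
net stop spntsvc
net stop earthagent
net stop "TrendMicro Infrastructure"

rem Move the patched files aside instead of deleting them, then rename each backup.
if not exist "%KEEP_DIR%" mkdir "%KEEP_DIR%"
set FAILED=0
for %%B in ("%SPNT_HOME%\*.bak") do (
    if exist "%SPNT_HOME%\%%~nB" move /y "%SPNT_HOME%\%%~nB" "%KEEP_DIR%\" >nul
    ren "%%~fB" "%%~nB"
    if errorlevel 1 (
        echo FAILED to restore %%~nB
        set FAILED=1
    ) else (
        echo Restored %%~nB
    )
)

net start spntsvc
net start earthagent
net start "TrendMicro Infrastructure"

endlocal & exit /b %FAILED%
```

The script exits with 1 if any rename failed, so a wrapper can tell a partial rollback from a complete one. After a rollback the files on disk are the pre-patch builds, which still contain the RPC buffer overflows listed in 2.1.1.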