Admins who protect their Linux servers with Trend Micro ServerProtect should install the latest version for security reasons. The developers have closed a vulnerability in it.
According to a security advisory, attackers who successfully exploit the vulnerability (CVE-2020-28575) in the kernel hook module (KHM) of ServerProtect could trigger a memory error (heap-based buffer overflow) and obtain higher user rights. This is also said to work remotely.
Secure version available
For this to work, an attacker must already have user rights in order to execute their own (high-privileged) code. The risk posed by the vulnerability is rated "medium". Trend Micro advises admins to bring their servers up to date quickly.
The affected version is ServerProtect for Linux (SPLX) 3.0. The developers state that they have fixed the issue in KHM release 3.0.1.0023.