Security update: Vulnerability in Trend Micro ServerProtect puts Linux systems at risk

0
11


Admins who protect their Linux servers with ServerProtect from Trend Micro should install the latest version for security reasons. The developers have closed a security gap in it.

If attackers successfully target the vulnerability (CVE-2020-28575) in the kernel hook module (KHM) of ServerProtect, they could trigger a memory error (heap-based buffer overflow) according to a warning message and obtain higher user rights. This should also work from a distance.

For this to work, an attacker must already have user rights in order to be able to execute their own (high-privileged) code. The risk emanating from the gap is with “mediumTrend Micro advises admins to quickly bring their servers up to date.

The version affected is ServerProtect for Linux (SPLX) 3.0. The developers state the output KHM 3.0.1.0023 having repaired it.


(of)

To home page



Source link
https://www.heise.de/news/Sicherheitsupdate-Luecke-in-Trend-Micro-ServerProtect-gefaehrdet-Linux-Systeme-4974321.html

LEAVE A REPLY

Please enter your comment!
Please enter your name here