#VU48672 Heap-based buffer overflow in ServerProtect for Linux - CVE-2020-28575
Published: November 26, 2020
Vulnerability identifier: #VU48672
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-28575
CWE-ID: CWE-122
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
ServerProtect for Linux
ServerProtect for Linux
Software vendor:
Trend Micro
Trend Micro
Description
The vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to a boundary error in the "ioctlMod" function. A local administrator can pass specially crafted data to the applicatoin, trigger heap-based buffer overflow and execute arbitrary code on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install updates from vendor's website.