COMMAND

    VirusWall

SYSTEMS AFFECTED

    Trend Micro InterScan VirusWall for Windows NT 3.51

PROBLEM

    Following is based on a SNS Advisory No.30.  It is possible for  a
    remote  user  to  improperly  gain  access  to  admin functions of
    InterScan VirusWall for Windows NT.  To change configurations  via
    web browser, access to following URL:

        http://VirusWall/interscan/cgi-bin/interscan.dll

    Then, no authentication is required and any remote user can change
    configuration setting.  Discovered by Nobuo Miwa.

SOLUTION

    Trend Micro  support team  responded nothing.    Until  the  patch
    will  be  released,  set  up  access  control  to refuse access to
    servers   in   which   InterScan   VirusWall   is   installed   by
    non-administrative user.