Trend Micro ServerProtect EarthAgent Remote DoS Vulnerability

Remote exploitation of a denial of service vulnerability in Trend Micro Inc.'s ServerProtect EarthAgent daemon allows attackers to cause the target process to consume 100% of available CPU resources.

The problem specifically exists within ServerProtect EarthAgent in the handling of maliciously crafted packets transmitted with the magic value "\x21\x43\x65\x87" targeting TCP port 5005. A memory leak also occurs with each received exploit packet, allowing an attacker to exhaust all available memory resources with repeated attacks.

Successful exploitation of the described vulnerability allows unauthenticated remote attackers to consume 100% CPU resources, increasingly consume memory resources and potentially crash the underlying operating system. Full CPU utilization can be achieved with a single packet; memory consumption occurs incrementally on subsequent attacks.
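
One way to watch for the traffic described above, added here as an example and not part of the advisory: it flags packets to TCP port 5005 that carry the magic value and come from hosts outside an allowlist, and marks sources that repeat. The allowlist address, the record format and the repeat threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import Counter

MAGIC = b"\x21\x43\x65\x87"   # magic value quoted in the advisory
EARTHAGENT_PORT = 5005        # TCP port named in the advisory

# Assumption: only these hosts (e.g. the management server) should reach EarthAgent.
ALLOWED_SOURCES = [ipaddress.ip_network("10.0.5.10/32")]

# Constructed sample records: (source IP, destination port, TCP payload bytes).
# Payload bodies are filler, not real protocol or exploit data.
SAMPLE_PACKETS = [
    ("10.0.5.10", 5005, MAGIC + b"constructed-body"),     # allowlisted host
    ("203.0.113.7", 5005, MAGIC + b"constructed-body"),
    ("203.0.113.7", 5005, MAGIC + b"constructed-body"),
    ("203.0.113.7", 5005, MAGIC + b"constructed-body"),
    ("198.51.100.4", 5005, b"GET / HTTP/1.0\r\n\r\n"),    # no magic value
    ("198.51.100.9", 443, MAGIC + b"other-port"),         # different port
    ("192.0.2.33", 5005, b"\x00\x00" + MAGIC + b"\x01"),  # magic not at offset 0
]


def is_allowed(src):
    """True when the source address falls inside an allowlisted network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_SOURCES)


def find_suspects(packets, repeat_threshold=3):
    """Return {source: (hits, label)} for untrusted senders of magic-bearing packets.

    The advisory says one packet is enough for full CPU use, so a single hit
    is already reportable; "repeated" marks sources whose volume matches the
    incremental memory exhaustion it describes.
    """
    hits = Counter()
    for src, dport, payload in packets:
        # The advisory does not give the magic value's offset, so search
        # the whole payload instead of assuming it comes first.
        if dport != EARTHAGENT_PORT or MAGIC not in payload:
            continue
        if is_allowed(src):
            continue
        hits[src] += 1
    return {src: (n, "repeated" if n >= repeat_threshold else "single")
            for src, n in hits.items()}
```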

iDEFENSE Advisory