|TREND MICRO CUSTOMER PROTECTION
|Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['19225']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges.
Vendor Contact Timeline:
08/13/2014 - ZDI wrote to vendor requesting contact and PGP
Given the stated purpose of Realtek SDK, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with products using Realtek SDK service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in http://technet.microsoft.com/en-us/library/cc725770%28WS.10%29.aspx and numerous other Microsoft Knowledge Base articles.
|Ricky "HeadlessZeke" Lawshae