All the vulnerabilites related to FUJITSU - SystemcastWizard Lite
var-200901-0308
Vulnerability from variot
Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet. Products that use the Preboot Execution Environment (PXE) SDK sample code provided by Intel contain multiple vulnerabilities. Products that use the PXE SDK sample code provided by Intel contain directory traversal and buffer overflow vulnerabilities. Nobuyuki Kanaya of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Information stored by the product using the PXE SDK sample code may be viewed, or arbitrary code may be executed. Fujitsu Systemcast Wizard Lite is prone to a remote stack-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied input. Attackers can leverage this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will compromise the application and the underlying computer. Failed attacks will cause denial-of-service conditions. Systemcast Wizard Lite 2.0A and prior are vulnerable. ----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list?
Click here to learn more: http://secunia.com/advisories/business_solutions/
TITLE: Fujitsu SystemcastWizard Lite Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA33594
VERIFY ADVISORY: http://secunia.com/advisories/33594/
CRITICAL: Moderately critical
IMPACT: Exposure of system information, Exposure of sensitive information, DoS, System access
WHERE:
From remote
SOFTWARE: Fujitsu SystemcastWizard Lite 2.x http://secunia.com/advisories/product/21065/ Fujitsu SystemcastWizard Lite 1.x http://secunia.com/advisories/product/21064/
DESCRIPTION: Some vulnerabilities have been reported in Fujitsu SystemcastWizard Lite, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
Successful exploitation allows execution of arbitrary code.
2) An input validation error in the TFTP service can be exploited to download files from arbitrary locations via directory traversal sequences.
The vulnerabilities are reported in versions 2.0, 2.0A, and prior 1.x versions.
SOLUTION: Apply vendor patch for versions after 1.6A.
Reportedly, a patch for previous versions will be available later.
PROVIDED AND/OR DISCOVERED BY: 1) Ruben Santamarta, Wintercore 2) Reported by the vendor.
ORIGINAL ADVISORY: Fujitsu: http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html
Ruben Santamarta: http://www.wintercore.com/advisories/advisory_W010109.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200901-0308",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "systemcastwizard lite",
"scope": "lte",
"trust": 1.8,
"vendor": "fujitsu",
"version": "2.0a"
},
{
"model": "systemcastwizard lite",
"scope": "eq",
"trust": 1.6,
"vendor": "fujitsu",
"version": "1.8"
},
{
"model": "systemcastwizard lite",
"scope": "eq",
"trust": 1.6,
"vendor": "fujitsu",
"version": "2.0"
},
{
"model": "systemcastwizard lite",
"scope": "eq",
"trust": 1.6,
"vendor": "fujitsu",
"version": "1.9"
},
{
"model": "systemcastwizard lite",
"scope": "eq",
"trust": 1.6,
"vendor": "fujitsu",
"version": "1.8a"
},
{
"model": "systemcastwizard lite",
"scope": "eq",
"trust": 1.6,
"vendor": "fujitsu",
"version": "1.7"
},
{
"model": "systemcastwizard lite",
"scope": "lte",
"trust": 0.8,
"vendor": "fujitsu",
"version": "v2.0a"
},
{
"model": "jp1/serverconductor/deployment manager",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise edition"
},
{
"model": "jp1/serverconductor/deployment manager",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard edition"
},
{
"model": "serverconductor/deployment manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "websam deploymentmanager",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "systemcastwizard lite",
"scope": "eq",
"trust": 0.6,
"vendor": "fujitsu",
"version": "2.0a"
},
{
"model": "systemcast wizard lite 2.0a",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "systemcast wizard lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "2.0"
},
{
"model": "systemcast wizard lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "1.9"
},
{
"model": "systemcast wizard lite 1.8a",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "systemcast wizard lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "1.8"
},
{
"model": "systemcast wizard lite",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "1.7"
}
],
"sources": [
{
"db": "BID",
"id": "33342"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001631"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000102"
},
{
"db": "NVD",
"id": "CVE-2009-0270"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-337"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fujitsu:systemcastwizard_lite:1.8a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujitsu:systemcastwizard_lite:1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujitsu:systemcastwizard_lite:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujitsu:systemcastwizard_lite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0a",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujitsu:systemcastwizard_lite:1.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujitsu:systemcastwizard_lite:1.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0270"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ruben Santamarta ruben@reversemode.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200901-337"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0270",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2009-0270",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2011-000102",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-0270",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2011-000102",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200901-337",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001631"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000102"
},
{
"db": "NVD",
"id": "CVE-2009-0270"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-337"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet. Products that use the Preboot Execution Environment (PXE) SDK sample code provided by Intel contain multiple vulnerabilities. Products that use the PXE SDK sample code provided by Intel contain directory traversal and buffer overflow vulnerabilities. Nobuyuki Kanaya of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Information stored by the product using the PXE SDK sample code may be viewed, or arbitrary code may be executed. Fujitsu Systemcast Wizard Lite is prone to a remote stack-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied input. \nAttackers can leverage this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will compromise the application and the underlying computer. Failed attacks will cause denial-of-service conditions. \nSystemcast Wizard Lite 2.0A and prior are vulnerable. ----------------------------------------------------------------------\n\nDid you know that a change in our assessment rating, exploit code\navailability, or if an updated patch is released by the vendor, is\nnot part of this mailing-list?\n\nClick here to learn more:\nhttp://secunia.com/advisories/business_solutions/\n\n----------------------------------------------------------------------\n\nTITLE:\nFujitsu SystemcastWizard Lite Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA33594\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/33594/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nExposure of system information, Exposure of sensitive information,\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nFujitsu SystemcastWizard Lite 2.x\nhttp://secunia.com/advisories/product/21065/\nFujitsu SystemcastWizard Lite 1.x\nhttp://secunia.com/advisories/product/21064/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Fujitsu SystemcastWizard\nLite, which can be exploited by malicious people to disclose\nsensitive information or to compromise a vulnerable system. \n\nSuccessful exploitation allows execution of arbitrary code. \n\n2) An input validation error in the TFTP service can be exploited to\ndownload files from arbitrary locations via directory traversal\nsequences. \n\nThe vulnerabilities are reported in versions 2.0, 2.0A, and prior 1.x\nversions. \n\nSOLUTION:\nApply vendor patch for versions after 1.6A. \n\nReportedly, a patch for previous versions will be available later. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Ruben Santamarta, Wintercore\n2) Reported by the vendor. \n\nORIGINAL ADVISORY:\nFujitsu:\nhttp://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html\n\nRuben Santamarta:\nhttp://www.wintercore.com/advisories/advisory_W010109.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0270"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001631"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000102"
},
{
"db": "BID",
"id": "33342"
},
{
"db": "PACKETSTORM",
"id": "74113"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0270",
"trust": 3.5
},
{
"db": "BID",
"id": "33342",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "33594",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "51486",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2009-0176",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001631",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVN05255562",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000102",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20090119 [WINTERCORE RESEARCH ] FUJITSU SYSTEMCASTWIZARD LITE PXESERVICE REMOTE BUFFER OVERFLOW.",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200901-337",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "74113",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "33342"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001631"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000102"
},
{
"db": "PACKETSTORM",
"id": "74113"
},
{
"db": "NVD",
"id": "CVE-2009-0270"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-337"
}
]
},
"id": "VAR-200901-0308",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.28333333
},
"last_update_date": "2023-12-18T11:25:06.670000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Precautions when using Windows Server 2008",
"trust": 1.6,
"url": "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html"
},
{
"title": "HS11-026",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-026/index.html"
},
{
"title": "NV11-007",
"trust": 0.8,
"url": "http://www.nec.co.jp/security-info/secinfo/nv11-007.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001631"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000102"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 2.6
},
{
"problemtype": "CWE-22",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001631"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000102"
},
{
"db": "NVD",
"id": "CVE-2009-0270"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.wintercore.com/advisories/advisory_w010109.html"
},
{
"trust": 1.7,
"url": "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html"
},
{
"trust": 1.6,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0270"
},
{
"trust": 1.6,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0270"
},
{
"trust": 1.6,
"url": "http://osvdb.org/51486"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/33594"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/33342"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/500172/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2009/0176"
},
{
"trust": 0.8,
"url": "https://jvn.jp/en/jp/jvn05255562/index.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/500172/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2009/0176"
},
{
"trust": 0.3,
"url": "http://www.fujitsu.com/"
},
{
"trust": 0.3,
"url": "http://www.fujitsu.com/global/services/computing/server/primequest/downloads/tools/"
},
{
"trust": 0.3,
"url": "http://www.fujitsu.com/global/services/computing/server/primequest/downloads/tools/index.html#systemcastwizardlitepatch"
},
{
"trust": 0.3,
"url": "/archive/1/500172"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/21065/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/33594/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/21064/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "BID",
"id": "33342"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001631"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000102"
},
{
"db": "PACKETSTORM",
"id": "74113"
},
{
"db": "NVD",
"id": "CVE-2009-0270"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-337"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "33342"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001631"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000102"
},
{
"db": "PACKETSTORM",
"id": "74113"
},
{
"db": "NVD",
"id": "CVE-2009-0270"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-337"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-01-19T00:00:00",
"db": "BID",
"id": "33342"
},
{
"date": "2009-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001631"
},
{
"date": "2011-12-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-000102"
},
{
"date": "2009-01-20T15:48:43",
"db": "PACKETSTORM",
"id": "74113"
},
{
"date": "2009-01-26T19:30:00.437000",
"db": "NVD",
"id": "CVE-2009-0270"
},
{
"date": "2009-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200901-337"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-02-17T15:48:00",
"db": "BID",
"id": "33342"
},
{
"date": "2009-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001631"
},
{
"date": "2011-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-000102"
},
{
"date": "2018-10-11T21:01:06.037000",
"db": "NVD",
"id": "CVE-2009-0270"
},
{
"date": "2009-03-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200901-337"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200901-337"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fujitsu SystemcastWizard Lite of PXEService.exe Vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001631"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200901-337"
}
],
"trust": 0.6
}
}
jvndb-2011-000102
Vulnerability from jvndb
Published
2011-12-15 16:26
Modified
2011-12-20 18:14
Summary
Multiple vulnerabilities in products that use the Preboot Execution Environment (PXE) SDK
Details
Products that use the Preboot Execution Environment (PXE) SDK sample code provided by Intel contain multiple vulnerabilities.
Products that use the PXE SDK sample code provided by Intel contain directory traversal and buffer overflow vulnerabilities.
Nobuyuki Kanaya of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN05255562/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0270 | |
| NVD | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0270 | |
| Buffer Errors(CWE-119) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
| Path Traversal(CWE-22) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000102.html",
"dc:date": "2011-12-20T18:14+09:00",
"dcterms:issued": "2011-12-15T16:26+09:00",
"dcterms:modified": "2011-12-20T18:14+09:00",
"description": "Products that use the Preboot Execution Environment (PXE) SDK sample code provided by Intel contain multiple vulnerabilities.\r\n\r\nProducts that use the PXE SDK sample code provided by Intel contain directory traversal and buffer overflow vulnerabilities.\r\n\r\nNobuyuki Kanaya of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000102.html",
"sec:cpe": [
{
"#text": "cpe:/a:fujitsu:systemcastwizard_lite",
"@product": "SystemcastWizard Lite",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:jp1_serverconductor_deployment_manager",
"@product": "JP1/ServerConductor/Deployment Manager",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:serverconductor_deployment_manager",
"@product": "ServerConductor/Deployment Manager",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:websam_deploymentmanager",
"@product": "WebSAM DeploymentManager",
"@vendor": "NEC Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "8.3",
"@severity": "High",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000102",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN05255562/index.html",
"@id": "JVN#05255562",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0270",
"@id": "CVE-2009-0270",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0270",
"@id": "CVE-2009-0270",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "Multiple vulnerabilities in products that use the Preboot Execution Environment (PXE) SDK"
}