cvelistv5 - cve-2009-0270

cve-2009-0270

Vulnerability from cvelistv5

Published

2009-01-26 19:00

Modified

2024-08-07 04:24

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/51486
cve@mitre.org	http://secunia.com/advisories/33594	Vendor Advisory
cve@mitre.org	http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/500172/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/33342
cve@mitre.org	http://www.vupen.com/english/advisories/2009/0176
cve@mitre.org	http://www.wintercore.com/advisories/advisory_W010109.html

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:24:18.434Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "51486",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/51486"
          },
          {
            "name": "20090119 [Wintercore Research ] Fujitsu SystemcastWizard Lite PXEService Remote Buffer Overflow.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500172/100/0/threaded"
          },
          {
            "name": "ADV-2009-0176",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0176"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.wintercore.com/advisories/advisory_W010109.html"
          },
          {
            "name": "33342",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33342"
          },
          {
            "name": "33594",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33594"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-01-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "51486",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/51486"
        },
        {
          "name": "20090119 [Wintercore Research ] Fujitsu SystemcastWizard Lite PXEService Remote Buffer Overflow.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500172/100/0/threaded"
        },
        {
          "name": "ADV-2009-0176",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0176"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.wintercore.com/advisories/advisory_W010109.html"
        },
        {
          "name": "33342",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33342"
        },
        {
          "name": "33594",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33594"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0270",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "51486",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/51486"
            },
            {
              "name": "20090119 [Wintercore Research ] Fujitsu SystemcastWizard Lite PXEService Remote Buffer Overflow.",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/500172/100/0/threaded"
            },
            {
              "name": "ADV-2009-0176",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0176"
            },
            {
              "name": "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html",
              "refsource": "CONFIRM",
              "url": "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html"
            },
            {
              "name": "http://www.wintercore.com/advisories/advisory_W010109.html",
              "refsource": "MISC",
              "url": "http://www.wintercore.com/advisories/advisory_W010109.html"
            },
            {
              "name": "33342",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33342"
            },
            {
              "name": "33594",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33594"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0270",
    "datePublished": "2009-01-26T19:00:00",
    "dateReserved": "2009-01-26T00:00:00",
    "dateUpdated": "2024-08-07T04:24:18.434Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0270\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-01-26T19:30:00.437\",\"lastModified\":\"2018-10-11T21:01:06.037\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de pila basado en b\u00fafer en la ejecuci\u00f3n de PXEService.exe en Fujitsu SystemcastWizard Lite 2.0a, 2.0, 1.9, y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una petici\u00f3n de protocolo PXE demasiado larga en un paquete UDP.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":10.0},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:systemcastwizard_lite:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0a\",\"matchCriteriaId\":\"11D8AB23-D9AD-4CA8-97E6-356AEBF265EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:systemcastwizard_lite:1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB61C15C-E8E1-4CAF-AA3A-15324CDB40C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:systemcastwizard_lite:1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"480C0061-C897-48BD-88E0-1924CB5CD702\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:systemcastwizard_lite:1.8a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D83F23D0-E114-4D28-9FDC-9F7E5567A697\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:systemcastwizard_lite:1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81ED3CA6-9635-432B-8001-41AB64A1CD26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:systemcastwizard_lite:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B81C753-B760-415C-8F7C-2770DED8285F\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/51486\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/33594\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/500172/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/33342\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0176\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.wintercore.com/advisories/advisory_W010109.html\",\"source\":\"cve@mitre.org\"}]}}"
  }
}

cve-2009-0270

Vulnerability from jvndb

Published

2011-12-15 16:26

Modified

2011-12-20 18:14

Severity ?

() - -

Summary

Multiple vulnerabilities in products that use the Preboot Execution Environment (PXE) SDK

Details

Products that use the Preboot Execution Environment (PXE) SDK sample code provided by Intel contain multiple vulnerabilities. Products that use the PXE SDK sample code provided by Intel contain directory traversal and buffer overflow vulnerabilities. Nobuyuki Kanaya of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	https://jvn.jp/en/jp/JVN05255562/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0270
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0270
	Buffer Errors(CWE-119)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Path Traversal(CWE-22)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	FUJITSU	SystemcastWizard Lite
	Hitachi, Ltd	JP1/ServerConductor/Deployment Manager
	Hitachi, Ltd	ServerConductor/Deployment Manager
	NEC Corporation	WebSAM DeploymentManager

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000102.html",
  "dc:date": "2011-12-20T18:14+09:00",
  "dcterms:issued": "2011-12-15T16:26+09:00",
  "dcterms:modified": "2011-12-20T18:14+09:00",
  "description": "Products that use the Preboot Execution Environment (PXE) SDK sample code provided by Intel contain multiple vulnerabilities.\r\n\r\nProducts that use the PXE SDK sample code provided by Intel contain directory traversal and buffer overflow vulnerabilities.\r\n\r\nNobuyuki Kanaya of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000102.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:fujitsu:systemcastwizard_lite",
      "@product": "SystemcastWizard Lite",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:jp1_serverconductor_deployment_manager",
      "@product": "JP1/ServerConductor/Deployment Manager",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:serverconductor_deployment_manager",
      "@product": "ServerConductor/Deployment Manager",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:nec:websam_deploymentmanager",
      "@product": "WebSAM DeploymentManager",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "8.3",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2011-000102",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN05255562/index.html",
      "@id": "JVN#05255562",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0270",
      "@id": "CVE-2009-0270",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0270",
      "@id": "CVE-2009-0270",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-119",
      "@title": "Buffer Errors(CWE-119)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    }
  ],
  "title": "Multiple vulnerabilities in products that use the Preboot Execution Environment (PXE) SDK"
}

var-200901-0308

Vulnerability from variot

Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet. Products that use the Preboot Execution Environment (PXE) SDK sample code provided by Intel contain multiple vulnerabilities. Products that use the PXE SDK sample code provided by Intel contain directory traversal and buffer overflow vulnerabilities. Nobuyuki Kanaya of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Information stored by the product using the PXE SDK sample code may be viewed, or arbitrary code may be executed. Fujitsu Systemcast Wizard Lite is prone to a remote stack-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied input. Attackers can leverage this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will compromise the application and the underlying computer. Failed attacks will cause denial-of-service conditions. Systemcast Wizard Lite 2.0A and prior are vulnerable. ----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list?

Click here to learn more: http://secunia.com/advisories/business_solutions/

TITLE: Fujitsu SystemcastWizard Lite Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA33594

VERIFY ADVISORY: http://secunia.com/advisories/33594/

CRITICAL: Moderately critical

IMPACT: Exposure of system information, Exposure of sensitive information, DoS, System access

WHERE:

From remote

SOFTWARE: Fujitsu SystemcastWizard Lite 2.x http://secunia.com/advisories/product/21065/ Fujitsu SystemcastWizard Lite 1.x http://secunia.com/advisories/product/21064/

DESCRIPTION: Some vulnerabilities have been reported in Fujitsu SystemcastWizard Lite, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

Successful exploitation allows execution of arbitrary code.

2) An input validation error in the TFTP service can be exploited to download files from arbitrary locations via directory traversal sequences.

The vulnerabilities are reported in versions 2.0, 2.0A, and prior 1.x versions.

SOLUTION: Apply vendor patch for versions after 1.6A.

Reportedly, a patch for previous versions will be available later.

PROVIDED AND/OR DISCOVERED BY: 1) Ruben Santamarta, Wintercore 2) Reported by the vendor.

ORIGINAL ADVISORY: Fujitsu: http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html

Ruben Santamarta: http://www.wintercore.com/advisories/advisory_W010109.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200901-0308",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "systemcastwizard lite",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "fujitsu",
        "version": "2.0a"
      },
      {
        "model": "systemcastwizard lite",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fujitsu",
        "version": "1.8"
      },
      {
        "model": "systemcastwizard lite",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fujitsu",
        "version": "2.0"
      },
      {
        "model": "systemcastwizard lite",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fujitsu",
        "version": "1.9"
      },
      {
        "model": "systemcastwizard lite",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fujitsu",
        "version": "1.8a"
      },
      {
        "model": "systemcastwizard lite",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fujitsu",
        "version": "1.7"
      },
      {
        "model": "systemcastwizard lite",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "v2.0a"
      },
      {
        "model": "jp1/serverconductor/deployment manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "enterprise edition"
      },
      {
        "model": "jp1/serverconductor/deployment manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "standard edition"
      },
      {
        "model": "serverconductor/deployment manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "websam deploymentmanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "systemcastwizard lite",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fujitsu",
        "version": "2.0a"
      },
      {
        "model": "systemcast wizard lite 2.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemcast wizard lite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "2.0"
      },
      {
        "model": "systemcast wizard lite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "1.9"
      },
      {
        "model": "systemcast wizard lite 1.8a",
        "scope": null,
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemcast wizard lite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "1.8"
      },
      {
        "model": "systemcast wizard lite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "1.7"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "33342"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001631"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000102"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0270"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-337"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:systemcastwizard_lite:1.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:systemcastwizard_lite:1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:systemcastwizard_lite:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:systemcastwizard_lite:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.0a",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:systemcastwizard_lite:1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:systemcastwizard_lite:1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0270"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ruben Santamarta ruben@reversemode.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-337"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-0270",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2009-0270",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 8.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2011-000102",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-0270",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2011-000102",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200901-337",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001631"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000102"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0270"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-337"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet. Products that use the Preboot Execution Environment (PXE) SDK sample code provided by Intel contain multiple vulnerabilities. Products that use the PXE SDK sample code provided by Intel contain directory traversal and buffer overflow vulnerabilities. Nobuyuki Kanaya of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Information stored by the product using the PXE SDK sample code may be viewed, or arbitrary code may be executed. Fujitsu Systemcast Wizard Lite is prone to a remote stack-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied input. \nAttackers can leverage this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will compromise the application and the underlying computer. Failed attacks will cause denial-of-service conditions. \nSystemcast Wizard Lite 2.0A and prior are vulnerable. ----------------------------------------------------------------------\n\nDid you know that a change in our assessment rating, exploit code\navailability, or if an updated patch is released by the vendor, is\nnot part of this mailing-list?\n\nClick here to learn more:\nhttp://secunia.com/advisories/business_solutions/\n\n----------------------------------------------------------------------\n\nTITLE:\nFujitsu SystemcastWizard Lite Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA33594\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/33594/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nExposure of system information, Exposure of sensitive information,\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nFujitsu SystemcastWizard Lite 2.x\nhttp://secunia.com/advisories/product/21065/\nFujitsu SystemcastWizard Lite 1.x\nhttp://secunia.com/advisories/product/21064/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Fujitsu SystemcastWizard\nLite, which can be exploited by malicious people to disclose\nsensitive information or to compromise a vulnerable system. \n\nSuccessful exploitation allows execution of arbitrary code. \n\n2) An input validation error in the TFTP service can be exploited to\ndownload files from arbitrary locations via directory traversal\nsequences. \n\nThe vulnerabilities are reported in versions 2.0, 2.0A, and prior 1.x\nversions. \n\nSOLUTION:\nApply vendor patch for versions after 1.6A. \n\nReportedly, a patch for previous versions will be available later. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Ruben Santamarta, Wintercore\n2) Reported by the vendor. \n\nORIGINAL ADVISORY:\nFujitsu:\nhttp://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html\n\nRuben Santamarta:\nhttp://www.wintercore.com/advisories/advisory_W010109.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0270"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001631"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000102"
      },
      {
        "db": "BID",
        "id": "33342"
      },
      {
        "db": "PACKETSTORM",
        "id": "74113"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-0270",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "33342",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "33594",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "51486",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-0176",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001631",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVN05255562",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000102",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20090119 [WINTERCORE RESEARCH ] FUJITSU SYSTEMCASTWIZARD LITE PXESERVICE REMOTE BUFFER OVERFLOW.",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-337",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "74113",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "33342"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001631"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000102"
      },
      {
        "db": "PACKETSTORM",
        "id": "74113"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0270"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-337"
      }
    ]
  },
  "id": "VAR-200901-0308",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.28333333
  },
  "last_update_date": "2023-12-18T11:25:06.670000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Precautions when using Windows Server 2008",
        "trust": 1.6,
        "url": "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html"
      },
      {
        "title": "HS11-026",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-026/index.html"
      },
      {
        "title": "NV11-007",
        "trust": 0.8,
        "url": "http://www.nec.co.jp/security-info/secinfo/nv11-007.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001631"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000102"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 2.6
      },
      {
        "problemtype": "CWE-22",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001631"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000102"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0270"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.wintercore.com/advisories/advisory_w010109.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html"
      },
      {
        "trust": 1.6,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0270"
      },
      {
        "trust": 1.6,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0270"
      },
      {
        "trust": 1.6,
        "url": "http://osvdb.org/51486"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/33594"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/33342"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/500172/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2009/0176"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/en/jp/jvn05255562/index.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/500172/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2009/0176"
      },
      {
        "trust": 0.3,
        "url": "http://www.fujitsu.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.fujitsu.com/global/services/computing/server/primequest/downloads/tools/"
      },
      {
        "trust": 0.3,
        "url": "http://www.fujitsu.com/global/services/computing/server/primequest/downloads/tools/index.html#systemcastwizardlitepatch"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/500172"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/21065/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/33594/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/21064/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "33342"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001631"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000102"
      },
      {
        "db": "PACKETSTORM",
        "id": "74113"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0270"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-337"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "33342"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001631"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000102"
      },
      {
        "db": "PACKETSTORM",
        "id": "74113"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0270"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-337"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-01-19T00:00:00",
        "db": "BID",
        "id": "33342"
      },
      {
        "date": "2009-07-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001631"
      },
      {
        "date": "2011-12-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-000102"
      },
      {
        "date": "2009-01-20T15:48:43",
        "db": "PACKETSTORM",
        "id": "74113"
      },
      {
        "date": "2009-01-26T19:30:00.437000",
        "db": "NVD",
        "id": "CVE-2009-0270"
      },
      {
        "date": "2009-01-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200901-337"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-02-17T15:48:00",
        "db": "BID",
        "id": "33342"
      },
      {
        "date": "2009-07-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001631"
      },
      {
        "date": "2011-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-000102"
      },
      {
        "date": "2018-10-11T21:01:06.037000",
        "db": "NVD",
        "id": "CVE-2009-0270"
      },
      {
        "date": "2009-03-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200901-337"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-337"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fujitsu SystemcastWizard Lite of  PXEService.exe Vulnerable to buffer overflow",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001631"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-337"
      }
    ],
    "trust": 0.6
  }
}

ghsa-pq5r-3v56-qhmr

Vulnerability from github

Published

2022-05-02 03:13

Modified

2022-05-02 03:13

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0270"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-01-26T19:30:00Z",
    "severity": "HIGH"
  },
  "details": "Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet.",
  "id": "GHSA-pq5r-3v56-qhmr",
  "modified": "2022-05-02T03:13:58Z",
  "published": "2022-05-02T03:13:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0270"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/51486"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33594"
    },
    {
      "type": "WEB",
      "url": "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/500172/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/33342"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0176"
    },
    {
      "type": "WEB",
      "url": "http://www.wintercore.com/advisories/advisory_W010109.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2009-0270

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-0270

Aliases

CVE-2009-0270

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0270",
    "description": "Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet.",
    "id": "GSD-2009-0270"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0270"
      ],
      "details": "Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet.",
      "id": "GSD-2009-0270",
      "modified": "2023-12-13T01:19:44.595154Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-0270",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "51486",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/51486"
          },
          {
            "name": "20090119 [Wintercore Research ] Fujitsu SystemcastWizard Lite PXEService Remote Buffer Overflow.",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/500172/100/0/threaded"
          },
          {
            "name": "ADV-2009-0176",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/0176"
          },
          {
            "name": "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html",
            "refsource": "CONFIRM",
            "url": "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html"
          },
          {
            "name": "http://www.wintercore.com/advisories/advisory_W010109.html",
            "refsource": "MISC",
            "url": "http://www.wintercore.com/advisories/advisory_W010109.html"
          },
          {
            "name": "33342",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/33342"
          },
          {
            "name": "33594",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33594"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:systemcastwizard_lite:1.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:systemcastwizard_lite:1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:systemcastwizard_lite:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:systemcastwizard_lite:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.0a",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:systemcastwizard_lite:1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:systemcastwizard_lite:1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0270"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.wintercore.com/advisories/advisory_W010109.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.wintercore.com/advisories/advisory_W010109.html"
            },
            {
              "name": "51486",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/51486"
            },
            {
              "name": "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html"
            },
            {
              "name": "33594",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/33594"
            },
            {
              "name": "33342",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/33342"
            },
            {
              "name": "ADV-2009-0176",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/0176"
            },
            {
              "name": "20090119 [Wintercore Research ] Fujitsu SystemcastWizard Lite PXEService Remote Buffer Overflow.",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/500172/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-11T21:01Z",
      "publishedDate": "2009-01-26T19:30Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2009-0270

Vulnerability from cvelistv5

cve-2009-0270

Vulnerability from jvndb

var-200901-0308

Vulnerability from variot

ghsa-pq5r-3v56-qhmr

Vulnerability from github

gsd-2009-0270

Vulnerability from gsd

Tags

Sightings

Nomenclature