[Japanese]

JVNDB-2009-002358

Fujitsu Interstage and Systemwalker SSL Vulnerabilities

Overview

Fujitsu Interstage and Systemwalker related products have the vulnerabilities listed below:
- A buffer overflow vulnerability that can occur when the SSL server verifies the client's certificate.
- A vulnerability that makes it possible to make an SSL connection using a server or client certificate issued by the old CA certificate after the CA certificate is renewed, regardless of the settings of the certificate environment variables.
- A vulnerability where the depletion of resources, such as file descriptors, can occur on the SSL server.
CVSS Severity (What is CVSS?)

Base Metrics: 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial
Affected Products

FUJITSU
  • InfoDirectory
  • InfoProvider Pro
  • InfoProxy
  • InfoProxy for Middleware
  • INTERSTAGE
  • Interstage Apcoordinator
  • Interstage Application Framework Suite
  • Interstage Application Server
  • Interstage Apworks
  • Interstage Business Application Manager
  • Interstage Form Coordinator syomei option
  • Interstage Security Director
  • Interstage Traffic Director
  • Linkexpress
  • Safeauthor
  • Safegate
  • safegate Client
  • Safegate syutyu kanri
  • SymfoWARE Universal Data Interchanger
  • Systemwalker Centric Manager
  • Systemwalker CentricMGR-A
  • Systemwalker Desktop Inspection
  • Systemwalker Desktop Patrol
  • Systemwalker Formcoordinator syomei option
  • Systemwalker IT Budget Manager
  • SystemWalker IT BudgetMGR
  • Systemwalker Software Delivery
  • SystemWalker/InfoDirectory
  • TRADEMASTER
  • TRMASTER
Impact

A remote attacker can cause a denial of service (DoS) condition or make an SSL connection using a fake certificate.
Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information

FUJITSU
References

  1. Common Weakness Enumeration (CWE) : Buffer Errors (CWE-119) [IPA Evaluation]
  2. Common Weakness Enumeration (CWE) : Improper Authentication (CWE-287) [IPA Evaluation]
  3. Common Weakness Enumeration (CWE) : Resource Management Errors (CWE-399) [IPA Evaluation]
Revision History

[2009/12/28]
  Web page published 

Date Public2009/11/10
Date First Published2009/12/28
Date Last Updated2009/12/28