JVNDB-2011-000014

SEIL Series routers vulnerable to buffer overflow

Overview

SEIL Series routers contain a buffer overflow vulnerability.

The PPP Access Concentrator (PPPAC) contained in SEIL Series routers contains a buffer overflow vulnerability when processing PPPoE packets.

CVSS Severity

Base Metrics: 8.3 (High) [IPA Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete

Affected Products


Internet Initiative Japan Inc.
  • SEIL/B1 firmware 1.00 to 3.11
  • SEIL/neu 2FE Plus firmware 1.80 to 2.10
  • SEIL/Turbo firmware 1.80 to 2.10
  • SEIL/X1 firmware 1.00 to 3.11
  • SEIL/X2 firmware 1.00 to 3.11
  • SEIL/x86 firmware 1.00 to 1.61

Impact

An attacker may be able to execute arbitrary code.

According to the developer, all versions of SEIL/x86, SEIL/B1, SEIL/X1, SEIL/X2 3.00 through 3.11 process PPPoE packets in a non-administrative mode of operation; therefore, the effect of this vulnerability is limited to the PPPAC service being stopped.

Solution

[Update the Software]
Update to the latest version according to the information provided by the developer.

This issue was resolved in the following versions.

  • SEIL/x86 firmware 1.62
  • SEIL/B1 firmware 3.12
  • SEIL/X1 firmware 3.12
  • SEIL/X2 firmware 3.12
  • SEIL/Turbo firmware 2.11
  • SEIL/neu 2FE Plus firmware 2.11

Vendor Information

Internet Initiative Japan Inc.

CWE

  1. Buffer Errors (CWE-119) [IPA Evaluation]

CVE

  1. CVE-2011-0454

References

  1. JVN : JVN#88991166
  2. National Vulnerability Database (NVD) : CVE-2011-0454
  3. IPA SECURITY ALERTS : Security Alert for Vulnerability in SEIL Series Products
  4. Secunia Advisory : SA43494
  5. SecurityFocus : 46598
  6. ISS X-Force Database : 65672

Revision History

[2011/02/28]
  Web page published