JVNDB-2009-002358

Fujitsu Interstage and Systemwalker SSL Vulnerabilities

Fujitsu Interstage and Systemwalker related products have the vulnerabilities listed below:
- A buffer overflow vulnerability that can occur when the SSL server verifies the client's certificate.
- A vulnerability that makes it possible to make an SSL connection using a server or client certificate issued by the old CA certificate after the CA certificate is renewed, regardless of the settings of the certificate environment variables.
- A vulnerability where the depletion of resources, such as file descriptors, can occur on the SSL server.

FUJITSU

• InfoDirectory
• InfoProvider Pro
• InfoProxy
• InfoProxy for Middleware
• Interstage
• Interstage Apcoordinator
• Interstage Application Framework Suite
• Interstage Application Server
• Interstage Apworks
• Interstage Business Application Manager
• Interstage Form Coordinator syomei option
• Interstage Security Director
• Interstage Traffic Director
• Linkexpress
• Safeauthor
• Safegate
• safegate Client
• Safegate syutyu kanri
• SymfoWARE Universal Data Interchanger
• Systemwalker Centric Manager
• Systemwalker CentricMGR-A
• Systemwalker Desktop Inspection
• Systemwalker Desktop Patrol
• Systemwalker Formcoordinator syomei option
• Systemwalker IT Budget Manager
• SystemWalker IT BudgetMGR
• Systemwalker Software Delivery
• SystemWalker/InfoDirectory
• TRADEMASTER
• TRMASTER

A remote attacker can cause a denial of service (DoS) condition or make an SSL connection using a fake certificate.

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.

FUJITSU

• FUJITSU Security Information : interstage_systemwalker_ssl_200901 (Japanese)

1. Buffer Errors(CWE-119) [IPA Evaluation]
2. Improper Authentication(CWE-287) [IPA Evaluation]
3. Resource Management Errors(CWE-399) [IPA Evaluation]

• [2009/12/28]
    Web page published