|
[Japanese]
|
JVNDB-2011-000014
|
SEIL Series routers vulnerable to buffer overflow
|
|
SEIL Series routers contain a buffer overflow vulnerability.
The PPP Access Concentrator (PPPAC) contained in SEIL Series routers contain a buffer overflow vulnerability when processing PPPoE packets.
|
|
CVSS V2 Severity:
Base Metrics 8.3 (High) [IPA Score]
- Access Vector: Adjacent Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Complete
- Integrity Impact: Complete
- Availability Impact: Complete
|
|
|
Internet Initiative Japan Inc.
- SEIL/B1 firmware 1.00 to 3.11
- SEIL/neu 2FE Plus firmware 1.80 to 2.10
- SEIL/Turbo firmware 1.80 to 2.10
- SEIL/X1 firmware 1.00 to 3.11
- SEIL/X2 firmware 1.00 to 3.11
- SEIL/x86 firmware 1.00 to 1.61
|
|
|
An attacker may be able to execute arbitrary code.
Accoding to the developer, all versions of SEIL/86, SEIL/B1, SEIL/X1, SEIL/X2 3.00 through 3.11 process PPPoE packets in a non-administrative mode of operation, therefore the affect of this vulnerability is limited to the PPPAC service being stopped.
|
|
[Update the Software]
Update to the latest version according to the information provided by the developer.
This issue was resolved in the following versions.
SEIL/x86 firmware 1.62
SEIL/B1 firmware 3.12
SEIL/X1 firmware 3.12
SEIL/X2 firmware 3.12
SEIL/Turbo firmware 2.11
SEIL/neu 2FE Plus firmware 2.11
|
|
Internet Initiative Japan Inc.
|
|
- Buffer Errors(CWE-119) [IPA Evaluation]
|
|
- CVE-2011-0454
|
|
- JVN : JVN#88991166
- National Vulnerability Database (NVD) : CVE-2011-0454
- IPA SECURITY ALERTS : Security Alert for Vulnerability in SEIL Series Products
- Secunia Advisory : SA43494
- SecurityFocus : 46598
- ISS X-Force Database : 65672
|
|
- [2011/02/28]
Web page published
|
