[Japanese]
|
JVNDB-2011-000102
|
Multiple vulnerabilities in products that use the Preboot Execution Environment (PXE) SDK
|
Products that use the Preboot Execution Environment (PXE) SDK sample code provided by Intel contain multiple vulnerabilities.
Products that use the PXE SDK sample code provided by Intel contain directory traversal and buffer overflow vulnerabilities.
Nobuyuki Kanaya of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
CVSS V2 Severity: Base Metrics 8.3 (High) [IPA Score]
- Access Vector: Adjacent Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Complete
- Integrity Impact: Complete
- Availability Impact: Complete
|
Products that use the PXE SDK sample may be vulnerable.
For more information, refer to the vendor information under "Vendor Status".
The vendors that have released affected product information are as follows.
|
NEC Corporation
Hitachi, Ltd
- JP1/ServerConductor/Deployment Manager Enterprise Edition
- JP1/ServerConductor/Deployment Manager Standard Edition
- ServerConductor/DeploymentManager
FUJITSU
- SystemcastWizard Lite V2.0A and earlier
|
|
Information stored by the product using the PXE SDK sample code may be viewed, or arbitrary code may be executed.
|
[Update the software]
Update according to the information provided by the product developer.
|
NEC Corporation
- NEC Security Information : NV11-007 (only in Japanese)
Hitachi, Ltd
- Hitachi Software Vulnerability Information : HS11-026 (only in Japanese)
FUJITSU
|
- Buffer Errors(CWE-119) [IPA Evaluation]
- Path Traversal(CWE-22) [IPA Evaluation]
|
- CVE-2009-0270
|
- JVN : JVN#05255562
- National Vulnerability Database (NVD) : CVE-2009-0270
|
- [2011/12/15]
Web page was published
[2011/12/20]
Affected Products : Products was added
Vendor Information : Contents was added
|