
IPA/ISEC:Vulnerabilities:Security Alert for Vulnerability in CapsSuite Small Edition PatchMeister


Published: May 17, 2010

The Information-technology Promotion Agency, Japan (IPA, Chairman Koji Nishigaki) issued a security alert on May 17, 2010 concerning a vulnerability in CapsSuite Small Edition PatchMeister.
Servers and computers on which the Client Service for PTM is installed may have their OS shut down or rebooted by an external attack.
To fix this vulnerability, update to the fixed version provided by the product developer.

1.Overview

CapsSuite Small Edition PatchMeister is a security patch deployment management tool developed by NEC Corporation. The Client Service for PTM component of CapsSuite Small Edition PatchMeister contains a denial of service (DoS) vulnerability. If it is exploited, servers and computers on which the Client Service for PTM is installed may have their OS shut down or rebooted by an external attack.

For detailed information, refer to the following URL:
http://www.nec.co.jp/security-info/secinfo/nv10-005.html (Japanese)

For the latest information, refer to the following URL:
http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000020.html

IPA and JPCERT Coordination Center (JPCERT/CC) received a report concerning this vulnerability directly from the product developer on April 23, 2010, in line with the Information Security Early Warning Partnership, and made the announcement public on May 17, 2010.

2.Impact

A remote attacker could cause an OS shutdown or reboot on servers and computers on which the Client Service for PTM is installed.


3.Solution

To fix this vulnerability, update to the fixed version provided by the product developer.

4.CVSS Severity

(1) Evaluation Result

Severity Rating (CVSS base score): □ Low (0.0~3.9) □ Medium (4.0~6.9) ■ High (7.0~10.0)
CVSS base score: 7.8

(2) Base Score Metrics

AV:Access Vector □ Local □ Adjacent Network ■ Network
AC:Access Complexity □ High □ Medium ■ Low
Au:Authentication □ Multiple □ Single ■ None
C:Confidentiality Impact ■ None □ Partial □ Complete
I:Integrity Impact ■ None □ Partial □ Complete
A:Availability Impact □ None □ Partial ■ Complete

■:Selected Values

5.CWE Type

This vulnerability has been classified under CWE as "No Mapping (CWE-DesignError)".

Contact

IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)
E-mail: