Published: Mayl 17, 2010
>> JAPANESE

1.Overview

CapsSuite Small Edition PatchMeister is a security patch deployment management tool developed by NEC Corporation. The Client Service for PTM of CapsSuite Small Edition PatchMeister contains a denial of service (DoS) vulnerability and if exploited, the servers and  computers installed with the Client Service for DPM may OS shutdown or reboot when being attacked externally.

For detailed information, refer to the following URL:
http://www.nec.co.jp/security-info/secinfo/nv10-005.html (Japanese)

For the latest information, refer to the following URL:
http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000020.html

IPA and JPCERT Coordination Center (JPCERT/CC) received a report concerning this vulnerability directly from the product developer on April 23, 2010, in line with the Information Security Early Warning Partnership, and made the announcement public on May 17, 2010.

2.Impact

A remote attacker could cause OS shutdown or reboot on the servers and computers installed with the Client Service for PTM.

3.Solution

To fix this vulnerability, update to the fixed version provided by the product developer.

4.CVSS Severity

(1)Evaluation Result

Severity Rating (CVSS base score)	□ Low (0.0~3.9)	□ Medium (4.0~6.9)	■ High (7.0~10.0)
CVSS base score			7.8

(2) Base Score Metrics

AV:Access Vector	□ Local	□ Adjacent 　Network	■ Network
AC:Access Complexity	□ High	□ Medium	■ Low
Au:Authentication	□ Multiple	□ Single	■ None
C:Confidentiality Impact	■ None	□ Partial	□ Complete
I:Integrity Impact	■ None	□ Partial	□ Complete
A:Availability Impact	□ None	□ Partial	■ Complete

■:Selected Values

5.CWE Type

This vulnerability has been CWE classified as “Design Error” (CWE-DesignError).

Contact