Published: May 17, 2010
>> JAPANESE

1.Overview

WebSAM DeploymentManager is a software deployment management tool developed by NEC Corporation. The Client Service for DPM of WebSAM DeploymentManager contains a denial of service (DoS) vulnerability and if exploited, the servers and computers installed with the Client Service for DPM may OS shutdown or reboot when being externally attacked.

For detailed information, refer to the following URL:
http://www.nec.co.jp/security-info/secinfo/nv10-004.html (Japanese)

For the latest information, refer to the following URL:
http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000019.html

IPA and JPCERT Coordination Center (JPCERT/CC) received a report concerning this vulnerability directly from the product developer on April 23, 2010, in line with the Information Security Early Warning Partnership, and made the announcement public on May 17, 2010.

2.Impact

A remote attacker could cause OS shutdown or reboot on the servers and computers installed with the Client Service for DPM.

3.Solution

To fix this vulnerability, update to the fixed version provided by the product developer.

4.CVSS Severity

(1)Evaluation Result

Severity Rating (CVSS base score)	□ Low (0.0~3.9)	□ Medium (4.0~6.9)	■ High (7.0~10.0)
CVSS base score			7.8

(2) Base Score Metrics

AV:Access Vector	□ Local	□ Adjacent 　Network	■ Network
AC:Access Complexity	□ High	□ Medium	■ Low
Au:Authentication	□ Multiple	□ Single	■ None
C:Confidentiality Impact	■ None	□ Partial	□ Complete
I:Integrity Impact	■ None	□ Partial	□ Complete
A:Availability Impact	□ None	□ Partial	■ Complete

■:Selected Values

5.CWE Type

This vulnerability has been CWE classified as “Design Error” (CWE-DesignError).

Contact