Published: Feb 28, 2011
>> JAPANESE

1.Overview

The SEIL series products are routers developed by Internet Initiative Japan Inc. The SEIL routers are vulnerable to buffer overflow due to a flaw in processing the PPPoE packets used for establishing a network connection, such as to the Internet. If exploited, the vulnerability could allow an attacker to execute arbitrary code on the SEIL routers.

Get the fixed firmware available at the following URL and update the software:
http://www.seil.jp/support/security/a01001.html

For the latest information, refer to the following URL:
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000014

The IPA and JPCERT/CC received a report concerning this vulnerability from the developer on February 18, 2011 and made public today.

2.Impact

An attacker could execute arbitrary code on the SEIL routers.
According to the developer, the impact of the vulnerability is limited to those like the shutoff of the PPP Access Concentrator (PPPAC) function with all versions of SEIL/x86 and the version 3.00 through 3.11 of SEIL/B1, SEIL/X1 and SEIL/X2.

3.Solution

To fix this vulnerability, update the firmware to the fixed one provided by the developer.

4.CVSS Severity

(1)Evaluation Result

Severity Rating (CVSS base score)	□ Low (0.0~3.9)	□ Medium (4.0~6.9)	■ High (7.0~10.0)
CVSS base score			8.3

(2) Base Score Metrics

AV:Access Vector	□ Local	■ Adjacent 　Network	□ Network
AC:Access Complexity	□ High	□ Medium	■ Low
Au:Authentication	□ Multiple	□ Single	■ None
C:Confidentiality Impact	□ None	□ Partial	■ Complete
I:Integrity Impact	□ None	□ Partial	■ Complete
A:Availability Impact	□ None	□ Partial	■ Complete

■:Selected Values

5.CWE Type

This vulnerability has been CWE classified as “Buffer Errors (CWE-119)”.

Contact