IPA/ISEC:Vulnerabilities:Security Alert for Vulnerability in SEIL Series Products

Published: Feb 28, 2011

The Information-technology Promotion Agency, Japan (IPA, Chairman Kazumasa Fujie) issued a security alert on February 28, 2011 concerning a security vulnerability in the SEIL series products.
The vulnerability allows an attacker to execute arbitrary code on the SEIL series products. To fix the vulnerability, update the firmware to the fixed one provided by the developer.

1.Overview

The SEIL series products are routers developed by Internet Initiative Japan Inc. The SEIL routers are vulnerable to a buffer overflow due to a flaw in the processing of PPPoE packets, which are used for establishing a network connection such as a connection to the Internet. If exploited, the vulnerability could allow an attacker to execute arbitrary code on the SEIL routers.

Get the fixed firmware available at the following URL and update the software:
http://www.seil.jp/support/security/a01001.html

For the latest information, refer to the following URL:
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000014

The IPA and JPCERT/CC received a report concerning this vulnerability from the developer on February 18, 2011 and made it public today.

2.Impact

An attacker could execute arbitrary code on the SEIL routers.
According to the developer, on all versions of SEIL/x86 and on versions 3.00 through 3.11 of SEIL/B1, SEIL/X1 and SEIL/X2, the impact of the vulnerability is limited to effects such as the shutoff of the PPP Access Concentrator (PPPAC) function.

3.Solution

To fix this vulnerability, update the firmware to the fixed one provided by the developer.

4.CVSS Severity

(1)Evaluation Result

Severity Rating (CVSS base score): □ Low (0.0~3.9) □ Medium (4.0~6.9) ■ High (7.0~10.0)
CVSS base score: 8.3

(2) Base Score Metrics

AV:Access Vector □ Local ■ Adjacent Network □ Network
AC:Access Complexity □ High □ Medium ■ Low
Au:Authentication □ Multiple □ Single ■ None
C:Confidentiality Impact □ None □ Partial ■ Complete
I:Integrity Impact □ None □ Partial ■ Complete
A:Availability Impact □ None □ Partial ■ Complete

■:Selected Values

5.CWE Type

This vulnerability has been CWE classified as "Buffer Errors (CWE-119)".

Contact

IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)
E-mail: