Skip to main content
  1. Home >
  2. Support >
  3. Products >
  4. Software >
  5. Security >
  6. Interstage HTTP Server: Buffer Overflow Vulnerability in Log Feature. November 26th, 2013

Interstage HTTP Server: Buffer Overflow Vulnerability in Log Feature. November 26th, 2013


Notes on using this web page

1. Description

A vulnerability has been confirmed where a buffer overflow occurs in the Interstage HTTP Server log feature (ihsrlog/rotatelogs).

Fujitsu provides security patches shown in 3.
Please apply them as soon as possible.

2. Impact

This vulnerability allows a malicious third party to execute an arbitrary code.

3. Affected systems and corresponding action

3-1. Affected systems:

GP7000F, PRIMEPOWER, PRIMERGY, GP5000, CELSIUS, AT-compatible machine, PRIMEQUEST, SPARC Enterprise

3-2. Affected products and required patch

Interstage Application Server
Products Version Target OS Package name Patch ID.
Interstage Application Server Enterprise Edition for Windows[*a] V9.0.0/ V9.0.0A Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2 F3FMihs T001001WP-08
Interstage Application Server Enterprise Edition for Windows V9.1.0/ V9.1.0B Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008 F3FMihs T002174WP-06
Interstage Application Server Enterprise Edition for Windows V9.2.0 Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 F3FMihs T004344WP-05
Interstage Application Server Enterprise Edition for Windows V10.0.0 Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 F3FMihs T006036WP-02
Interstage Application Server Standard-J Edition for Windows[*a] V9.0.0/ V9.0.0A/ V9.0.0B Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2 F3FMihs T001001WP-08
Interstage Application Server Standard-J Edition for Windows V9.1.0/ V9.1.0B Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008 F3FMihs T002174WP-06
Interstage Application Server Standard-J Edition for Windows V9.2.0 Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 F3FMihs T004344WP-05
Interstage Application Server Standard-J Edition for Windows V10.0.0 Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 F3FMihs T006036WP-02
Interstage Application Server Enterprise Edition for Windows V9.0.0 Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2 F3FMihs T001005IP-07
Interstage Application Server Enterprise Edition for Windows V9.1.0 Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 F3FMihs T002175IP-06
Interstage Application Server Enterprise Edition for Windows V9.2.0 Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 F3FMihs T004345IP-05
Interstage Application Server Standard-J Edition for Windows V9.0.0 Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2 F3FMihs T001005IP-07
Interstage Application Server Standard-J Edition for Windows V9.1.0 Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 F3FMihs T002175IP-06
Interstage Application Server Standard-J Edition for Windows V9.2.0 Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 F3FMihs T004345IP-05
Interstage Application Server Enterprise Edition for Windows V9.2.0 Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2 F3FMihs T004346XP-05
Interstage Application Server Enterprise Edition for Windows V10.0.0 Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2 F3FMihs T006037XP-02
Interstage Application Server Standard-J Edition for Windows V9.2.0 Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2 F3FMihs T004346XP-05
Interstage Application Server Standard-J Edition for Windows V10.0.0 Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2 F3FMihs T006037XP-02
Interstage Application Server Enterprise Edition V9.0.0/ V9.0.0B Solaris 9/ 10 FJSVihs T001004SP-09
Interstage Application Server Enterprise Edition V9.1.0/ V9.1.0B Solaris 9/ 10 FJSVihs T002180SP-07
Interstage Application Server Enterprise Edition V9.2.0 Solaris 9/ 10 FJSVihs T004343SP-05
Interstage Application Server Enterprise Edition V10.0.0 Solaris 9/ 10 FJSVihs T006035SP-02
Interstage Application Server Standard-J Edition V9.0.0 Solaris 9/ 10 FJSVihs T001004SP-09
Interstage Application Server Standard-J Edition V9.1.0/ V9.1.0B Solaris 9/ 10 FJSVihs T002180SP-07
Interstage Application Server Standard-J Edition V9.2.0 Solaris 9/ 10 FJSVihs T004343SP-05
Interstage Application Server Standard-J Edition V10.0.0 Solaris 9/ 10 FJSVihs T006035SP-02
Interstage Application Server Enterprise Edition for Linux V9.0.0 RHEL-AS4(x86)/ AS4(EM64T) FJSVihs T001003LP-07
Interstage Application Server Enterprise Edition for Linux V9.1.0/ V9.1.0B RHEL-AS4(x86)/ AS4(EM64T) FJSVihs T002176LP-06
Interstage Application Server Enterprise Edition for Linux V9.2.0/ V9.3.1 RHEL-AS4(x86)/ AS4(EM64T) FJSVihs T004338LP-05
Interstage Application Server Standard-J Edition for Linux V9.0.0 RHEL-AS4(x86)/ AS4(EM64T) FJSVihs T001003LP-07
Interstage Application Server Standard-J Edition for Linux V9.1.0/ V9.1.0B RHEL-AS4(x86)/ AS4(EM64T) FJSVihs T002176LP-06
Interstage Application Server Standard-J Edition for Linux V9.2.0/ V9.3.1 RHEL-AS4(x86)/ AS4(EM64T) FJSVihs T004338LP-05
Interstage Application Server Enterprise Edition for Linux V9.0.0 RHEL5(x86)/ RHEL5(Intel64) FJSVihs T001044LP-07
Interstage Application Server Enterprise Edition for Linux V9.1.0/ V9.1.0B RHEL5(x86)/ RHEL5(Intel64) FJSVihs T002177LP-06
Interstage Application Server Enterprise Edition for Linux V9.2.0/ V9.3.1 RHEL5(x86)/ RHEL5(Intel64) FJSVihs T004339LP-05
Interstage Application Server Enterprise Edition for Linux V10.0.0 RHEL5(x86)/ RHEL5(Intel64) FJSVihs T006038LP-02
Interstage Application Server Standard-J Edition for Linux V9.0.0 RHEL5(x86)/ RHEL5(Intel64) FJSVihs T001044LP-07
Interstage Application Server Standard-J Edition for Linux V9.1.0/ V9.1.0B RHEL5(x86)/ RHEL5(Intel64) FJSVihs T002177LP-06
Interstage Application Server Standard-J Edition for Linux V9.2.0/ V9.3.1 RHEL5(x86)/ RHEL5(Intel64) FJSVihs T004339LP-05
Interstage Application Server Standard-J Edition for Linux V10.0.0 RHEL5(x86)/ RHEL5(Intel64) FJSVihs T006038LP-02
Interstage Application Server Enterprise Edition for Linux V9.3.1 RHEL6(x86)/ RHEL6(Intel64) FJSVihs T006033LP-02
Interstage Application Server Enterprise Edition for Linux V10.0.0 RHEL6(x86)/ RHEL6(Intel64) FJSVihs T006039LP-02
Interstage Application Server Standard-J Edition for Linux V9.3.1 RHEL6(x86)/ RHEL6(Intel64) FJSVihs T006033LP-02
Interstage Application Server Standard-J Edition for Linux V10.0.0 RHEL6(x86)/ RHEL6(Intel64) FJSVihs T006039LP-02
Interstage Application Server Enterprise Edition for Linux[*b] V9.0.0/ V9.0.0A RHEL-AS4(IPF) FJSVihs T001002QP-07
Interstage Application Server Enterprise Edition for Linux V9.1.0 RHEL-AS4(IPF) FJSVihs T002178QP-06
Interstage Application Server Enterprise Edition for Linux V9.2.0 RHEL-AS4(IPF) FJSVihs T004340QP-05
Interstage Application Server Standard-J Edition for Linux[*b] V9.0.0 RHEL-AS4(IPF) FJSVihs T001002QP-07
Interstage Application Server Standard-J Edition for Linux V9.1.0 RHEL-AS4(IPF) FJSVihs T002178QP-06
Interstage Application Server Standard-J Edition for Linux V9.2.0 RHEL-AS4(IPF) FJSVihs T004340QP-05
Interstage Application Server Enterprise Edition for Linux[*c] V9.0.0/ V9.0.0A RHEL5(IPF) FJSVihs T001043QP-07
Interstage Application Server Enterprise Edition for Linux V9.1.0 RHEL5(IPF) FJSVihs T002179QP-06
Interstage Application Server Enterprise Edition for Linux V9.2.0 RHEL5(IPF) FJSVihs T004341QP-05
Interstage Application Server Standard-J Edition for Linux[*c] V9.0.0 RHEL5(IPF) FJSVihs T001043QP-07
Interstage Application Server Standard-J Edition for Linux V9.1.0 RHEL5(IPF) FJSVihs T002179QP-06
Interstage Application Server Standard-J Edition for Linux V9.2.0 RHEL5(IPF) FJSVihs T004341QP-05
Interstage Application Server Enterprise Edition for Linux V9.2.0/ V9.3.1 RHEL5(Intel64) FJSVihs T004342LP-05
Interstage Application Server Enterprise Edition for Linux V10.0.0 RHEL5(Intel64) FJSVihs T006040LP-02
Interstage Application Server Standard-J Edition for Linux V9.2.0/ V9.3.1 RHEL5(Intel64) FJSVihs T004342LP-05
Interstage Application Server Standard-J Edition for Linux V10.0.0 RHEL5(Intel64) FJSVihs T006040LP-02
Interstage Application Server Enterprise Edition for Linux V9.3.1 RHEL6(Intel64) FJSVihs T006034LP-02
Interstage Application Server Enterprise Edition for Linux V10.0.0 RHEL6(Intel64) FJSVihs T006041LP-02
Interstage Application Server Standard-J Edition for Linux V9.3.1 RHEL6(Intel64) FJSVihs T006034LP-02
Interstage Application Server Standard-J Edition for Linux V10.0.0 RHEL6(Intel64) FJSVihs T006041LP-02
Interstage Studio
Products Version Target OS Package name Patch ID.
Interstage Studio Enterprise Edition for Windows[*a] V9.0.0 Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows XP/ Windows Vista F3FMihs T001001WP-08
Interstage Studio Enterprise Edition for Windows V9.1.0/ V9.1.0B Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows XP/ Windows Vista F3FMihs T002174WP-06
Interstage Studio Enterprise Edition for Windows V9.2.0 Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7 F3FMihs T004344WP-05
Interstage Studio Standard-J Edition for Windows[*a] V9.0.0 Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows XP/ Windows Vista F3FMihs T001001WP-08
Interstage Studio Standard-J Edition for Windows V9.1.0/ V9.1.0B Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows XP/ Windows Vista F3FMihs T002174WP-06
Interstage Studio Standard-J Edition for Windows V9.2.0 Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7 F3FMihs T004344WP-05
Interstage Studio Standard-J Edition for Windows V10.0.0 Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7 F3FMihs T006036WP-02

For the Patches, please contact a Fujitsu system engineer or your partner(s).

[*a] This vulnerability only appears when T001001WP-01 to 07 are installed.

[*b] This vulnerability only appears when T001002QP-01 to 06 are installed.

[*c] This vulnerability only appears when T001043QP-01 to 06 are installed.



Note: Determining the affected product

To check the software version, refer to the "FUJITSU SOFTWARE RELEASE GUIDE" supplied with the product.

3-3. Workaround

None.

4. Related information

None.

5. Revision history

  • November 26th, 2013: Initial release