Interstage HTTP Server: Buffer Overflow Vulnerability in Log Feature. November 26th, 2013
1. Description
A buffer overflow vulnerability has been confirmed in the Interstage HTTP Server log feature (ihsrlog/rotatelogs).
Fujitsu provides the security patches listed in section 3.
Please apply them as soon as possible.
2. Impact
This vulnerability allows a malicious third party to execute arbitrary code.
3. Affected systems and corresponding action
3-1. Affected systems:
GP7000F, PRIMEPOWER, PRIMERGY, GP5000, CELSIUS, AT-compatible machine, PRIMEQUEST, SPARC Enterprise
3-2. Affected products and required patch
Products | Version | Target OS | Package name | Patch ID. |
---|---|---|---|---|
Interstage Application Server Enterprise Edition for Windows[*a] | V9.0.0/ V9.0.0A | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2 | F3FMihs | T001001WP-08 |
Interstage Application Server Enterprise Edition for Windows | V9.1.0/ V9.1.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008 | F3FMihs | T002174WP-06 |
Interstage Application Server Enterprise Edition for Windows | V9.2.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 | F3FMihs | T004344WP-05 |
Interstage Application Server Enterprise Edition for Windows | V10.0.0 | Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 | F3FMihs | T006036WP-02 |
Interstage Application Server Standard-J Edition for Windows[*a] | V9.0.0/ V9.0.0A/ V9.0.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2 | F3FMihs | T001001WP-08 |
Interstage Application Server Standard-J Edition for Windows | V9.1.0/ V9.1.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008 | F3FMihs | T002174WP-06 |
Interstage Application Server Standard-J Edition for Windows | V9.2.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 | F3FMihs | T004344WP-05 |
Interstage Application Server Standard-J Edition for Windows | V10.0.0 | Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 | F3FMihs | T006036WP-02 |
Interstage Application Server Enterprise Edition for Windows | V9.0.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2 | F3FMihs | T001005IP-07 |
Interstage Application Server Enterprise Edition for Windows | V9.1.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 | F3FMihs | T002175IP-06 |
Interstage Application Server Enterprise Edition for Windows | V9.2.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 | F3FMihs | T004345IP-05 |
Interstage Application Server Standard-J Edition for Windows | V9.0.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2 | F3FMihs | T001005IP-07 |
Interstage Application Server Standard-J Edition for Windows | V9.1.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 | F3FMihs | T002175IP-06 |
Interstage Application Server Standard-J Edition for Windows | V9.2.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 | F3FMihs | T004345IP-05 |
Interstage Application Server Enterprise Edition for Windows | V9.2.0 | Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2 | F3FMihs | T004346XP-05 |
Interstage Application Server Enterprise Edition for Windows | V10.0.0 | Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2 | F3FMihs | T006037XP-02 |
Interstage Application Server Standard-J Edition for Windows | V9.2.0 | Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2 | F3FMihs | T004346XP-05 |
Interstage Application Server Standard-J Edition for Windows | V10.0.0 | Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2 | F3FMihs | T006037XP-02 |
Interstage Application Server Enterprise Edition | V9.0.0/ V9.0.0B | Solaris 9/ 10 | FJSVihs | T001004SP-09 |
Interstage Application Server Enterprise Edition | V9.1.0/ V9.1.0B | Solaris 9/ 10 | FJSVihs | T002180SP-07 |
Interstage Application Server Enterprise Edition | V9.2.0 | Solaris 9/ 10 | FJSVihs | T004343SP-05 |
Interstage Application Server Enterprise Edition | V10.0.0 | Solaris 9/ 10 | FJSVihs | T006035SP-02 |
Interstage Application Server Standard-J Edition | V9.0.0 | Solaris 9/ 10 | FJSVihs | T001004SP-09 |
Interstage Application Server Standard-J Edition | V9.1.0/ V9.1.0B | Solaris 9/ 10 | FJSVihs | T002180SP-07 |
Interstage Application Server Standard-J Edition | V9.2.0 | Solaris 9/ 10 | FJSVihs | T004343SP-05 |
Interstage Application Server Standard-J Edition | V10.0.0 | Solaris 9/ 10 | FJSVihs | T006035SP-02 |
Interstage Application Server Enterprise Edition for Linux | V9.0.0 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T001003LP-07 |
Interstage Application Server Enterprise Edition for Linux | V9.1.0/ V9.1.0B | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T002176LP-06 |
Interstage Application Server Enterprise Edition for Linux | V9.2.0/ V9.3.1 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T004338LP-05 |
Interstage Application Server Standard-J Edition for Linux | V9.0.0 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T001003LP-07 |
Interstage Application Server Standard-J Edition for Linux | V9.1.0/ V9.1.0B | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T002176LP-06 |
Interstage Application Server Standard-J Edition for Linux | V9.2.0/ V9.3.1 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T004338LP-05 |
Interstage Application Server Enterprise Edition for Linux | V9.0.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T001044LP-07 |
Interstage Application Server Enterprise Edition for Linux | V9.1.0/ V9.1.0B | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T002177LP-06 |
Interstage Application Server Enterprise Edition for Linux | V9.2.0/ V9.3.1 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T004339LP-05 |
Interstage Application Server Enterprise Edition for Linux | V10.0.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T006038LP-02 |
Interstage Application Server Standard-J Edition for Linux | V9.0.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T001044LP-07 |
Interstage Application Server Standard-J Edition for Linux | V9.1.0/ V9.1.0B | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T002177LP-06 |
Interstage Application Server Standard-J Edition for Linux | V9.2.0/ V9.3.1 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T004339LP-05 |
Interstage Application Server Standard-J Edition for Linux | V10.0.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T006038LP-02 |
Interstage Application Server Enterprise Edition for Linux | V9.3.1 | RHEL6(x86)/ RHEL6(Intel64) | FJSVihs | T006033LP-02 |
Interstage Application Server Enterprise Edition for Linux | V10.0.0 | RHEL6(x86)/ RHEL6(Intel64) | FJSVihs | T006039LP-02 |
Interstage Application Server Standard-J Edition for Linux | V9.3.1 | RHEL6(x86)/ RHEL6(Intel64) | FJSVihs | T006033LP-02 |
Interstage Application Server Standard-J Edition for Linux | V10.0.0 | RHEL6(x86)/ RHEL6(Intel64) | FJSVihs | T006039LP-02 |
Interstage Application Server Enterprise Edition for Linux[*b] | V9.0.0/ V9.0.0A | RHEL-AS4(IPF) | FJSVihs | T001002QP-07 |
Interstage Application Server Enterprise Edition for Linux | V9.1.0 | RHEL-AS4(IPF) | FJSVihs | T002178QP-06 |
Interstage Application Server Enterprise Edition for Linux | V9.2.0 | RHEL-AS4(IPF) | FJSVihs | T004340QP-05 |
Interstage Application Server Standard-J Edition for Linux[*b] | V9.0.0 | RHEL-AS4(IPF) | FJSVihs | T001002QP-07 |
Interstage Application Server Standard-J Edition for Linux | V9.1.0 | RHEL-AS4(IPF) | FJSVihs | T002178QP-06 |
Interstage Application Server Standard-J Edition for Linux | V9.2.0 | RHEL-AS4(IPF) | FJSVihs | T004340QP-05 |
Interstage Application Server Enterprise Edition for Linux[*c] | V9.0.0/ V9.0.0A | RHEL5(IPF) | FJSVihs | T001043QP-07 |
Interstage Application Server Enterprise Edition for Linux | V9.1.0 | RHEL5(IPF) | FJSVihs | T002179QP-06 |
Interstage Application Server Enterprise Edition for Linux | V9.2.0 | RHEL5(IPF) | FJSVihs | T004341QP-05 |
Interstage Application Server Standard-J Edition for Linux[*c] | V9.0.0 | RHEL5(IPF) | FJSVihs | T001043QP-07 |
Interstage Application Server Standard-J Edition for Linux | V9.1.0 | RHEL5(IPF) | FJSVihs | T002179QP-06 |
Interstage Application Server Standard-J Edition for Linux | V9.2.0 | RHEL5(IPF) | FJSVihs | T004341QP-05 |
Interstage Application Server Enterprise Edition for Linux | V9.2.0/ V9.3.1 | RHEL5(Intel64) | FJSVihs | T004342LP-05 |
Interstage Application Server Enterprise Edition for Linux | V10.0.0 | RHEL5(Intel64) | FJSVihs | T006040LP-02 |
Interstage Application Server Standard-J Edition for Linux | V9.2.0/ V9.3.1 | RHEL5(Intel64) | FJSVihs | T004342LP-05 |
Interstage Application Server Standard-J Edition for Linux | V10.0.0 | RHEL5(Intel64) | FJSVihs | T006040LP-02 |
Interstage Application Server Enterprise Edition for Linux | V9.3.1 | RHEL6(Intel64) | FJSVihs | T006034LP-02 |
Interstage Application Server Enterprise Edition for Linux | V10.0.0 | RHEL6(Intel64) | FJSVihs | T006041LP-02 |
Interstage Application Server Standard-J Edition for Linux | V9.3.1 | RHEL6(Intel64) | FJSVihs | T006034LP-02 |
Interstage Application Server Standard-J Edition for Linux | V10.0.0 | RHEL6(Intel64) | FJSVihs | T006041LP-02 |

Products | Version | Target OS | Package name | Patch ID. |
---|---|---|---|---|
Interstage Studio Enterprise Edition for Windows[*a] | V9.0.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows XP/ Windows Vista | F3FMihs | T001001WP-08 |
Interstage Studio Enterprise Edition for Windows | V9.1.0/ V9.1.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows XP/ Windows Vista | F3FMihs | T002174WP-06 |
Interstage Studio Enterprise Edition for Windows | V9.2.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7 | F3FMihs | T004344WP-05 |
Interstage Studio Standard-J Edition for Windows[*a] | V9.0.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows XP/ Windows Vista | F3FMihs | T001001WP-08 |
Interstage Studio Standard-J Edition for Windows | V9.1.0/ V9.1.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows XP/ Windows Vista | F3FMihs | T002174WP-06 |
Interstage Studio Standard-J Edition for Windows | V9.2.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7 | F3FMihs | T004344WP-05 |
Interstage Studio Standard-J Edition for Windows | V10.0.0 | Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7 | F3FMihs | T006036WP-02 |
To obtain the patches, please contact a Fujitsu system engineer or your partner(s).
[*a] This vulnerability only appears when T001001WP-01 to 07 are installed.
[*b] This vulnerability only appears when T001002QP-01 to 06 are installed.
[*c] This vulnerability only appears when T001043QP-01 to 06 are installed.
Note: Determining the affected product
To check the software version, refer to the "FUJITSU SOFTWARE RELEASE GUIDE" supplied with the product.
3-3. Workaround
None.
4. Related information
None.
5. Revision history
- November 26th, 2013: Initial release