Interstage HTTP Server: Buffer Overflow Vulnerability in Log Feature. November 26th, 2013



1. Description

A buffer overflow vulnerability has been confirmed in the Interstage HTTP Server log feature (ihsrlog/rotatelogs).

Fujitsu provides the security patches listed in section 3.
Please apply them as soon as possible.

2. Impact

This vulnerability allows a malicious third party to execute arbitrary code.

3. Affected systems and corresponding action

3-1. Affected systems:

GP7000F, PRIMEPOWER, PRIMERGY, GP5000, CELSIUS, AT-compatible machine, PRIMEQUEST, SPARC Enterprise

3-2. Affected products and required patch

Interstage Application Server
| Products | Version | Target OS | Package name | Patch ID |
|---|---|---|---|---|
| Interstage Application Server Enterprise Edition for Windows [*a] | V9.0.0/ V9.0.0A | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2 | F3FMihs | T001001WP-08 |
| Interstage Application Server Enterprise Edition for Windows | V9.1.0/ V9.1.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008 | F3FMihs | T002174WP-06 |
| Interstage Application Server Enterprise Edition for Windows | V9.2.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 | F3FMihs | T004344WP-05 |
| Interstage Application Server Enterprise Edition for Windows | V10.0.0 | Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 | F3FMihs | T006036WP-02 |
| Interstage Application Server Standard-J Edition for Windows [*a] | V9.0.0/ V9.0.0A/ V9.0.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2 | F3FMihs | T001001WP-08 |
| Interstage Application Server Standard-J Edition for Windows | V9.1.0/ V9.1.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008 | F3FMihs | T002174WP-06 |
| Interstage Application Server Standard-J Edition for Windows | V9.2.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 | F3FMihs | T004344WP-05 |
| Interstage Application Server Standard-J Edition for Windows | V10.0.0 | Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 | F3FMihs | T006036WP-02 |
| Interstage Application Server Enterprise Edition for Windows | V9.0.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2 | F3FMihs | T001005IP-07 |
| Interstage Application Server Enterprise Edition for Windows | V9.1.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 | F3FMihs | T002175IP-06 |
| Interstage Application Server Enterprise Edition for Windows | V9.2.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 | F3FMihs | T004345IP-05 |
| Interstage Application Server Standard-J Edition for Windows | V9.0.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2 | F3FMihs | T001005IP-07 |
| Interstage Application Server Standard-J Edition for Windows | V9.1.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 | F3FMihs | T002175IP-06 |
| Interstage Application Server Standard-J Edition for Windows | V9.2.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 | F3FMihs | T004345IP-05 |
| Interstage Application Server Enterprise Edition for Windows | V9.2.0 | Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2 | F3FMihs | T004346XP-05 |
| Interstage Application Server Enterprise Edition for Windows | V10.0.0 | Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2 | F3FMihs | T006037XP-02 |
| Interstage Application Server Standard-J Edition for Windows | V9.2.0 | Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2 | F3FMihs | T004346XP-05 |
| Interstage Application Server Standard-J Edition for Windows | V10.0.0 | Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2 | F3FMihs | T006037XP-02 |
| Interstage Application Server Enterprise Edition | V9.0.0/ V9.0.0B | Solaris 9/ 10 | FJSVihs | T001004SP-09 |
| Interstage Application Server Enterprise Edition | V9.1.0/ V9.1.0B | Solaris 9/ 10 | FJSVihs | T002180SP-07 |
| Interstage Application Server Enterprise Edition | V9.2.0 | Solaris 9/ 10 | FJSVihs | T004343SP-05 |
| Interstage Application Server Enterprise Edition | V10.0.0 | Solaris 9/ 10 | FJSVihs | T006035SP-02 |
| Interstage Application Server Standard-J Edition | V9.0.0 | Solaris 9/ 10 | FJSVihs | T001004SP-09 |
| Interstage Application Server Standard-J Edition | V9.1.0/ V9.1.0B | Solaris 9/ 10 | FJSVihs | T002180SP-07 |
| Interstage Application Server Standard-J Edition | V9.2.0 | Solaris 9/ 10 | FJSVihs | T004343SP-05 |
| Interstage Application Server Standard-J Edition | V10.0.0 | Solaris 9/ 10 | FJSVihs | T006035SP-02 |
| Interstage Application Server Enterprise Edition for Linux | V9.0.0 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T001003LP-07 |
| Interstage Application Server Enterprise Edition for Linux | V9.1.0/ V9.1.0B | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T002176LP-06 |
| Interstage Application Server Enterprise Edition for Linux | V9.2.0/ V9.3.1 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T004338LP-05 |
| Interstage Application Server Standard-J Edition for Linux | V9.0.0 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T001003LP-07 |
| Interstage Application Server Standard-J Edition for Linux | V9.1.0/ V9.1.0B | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T002176LP-06 |
| Interstage Application Server Standard-J Edition for Linux | V9.2.0/ V9.3.1 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T004338LP-05 |
| Interstage Application Server Enterprise Edition for Linux | V9.0.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T001044LP-07 |
| Interstage Application Server Enterprise Edition for Linux | V9.1.0/ V9.1.0B | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T002177LP-06 |
| Interstage Application Server Enterprise Edition for Linux | V9.2.0/ V9.3.1 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T004339LP-05 |
| Interstage Application Server Enterprise Edition for Linux | V10.0.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T006038LP-02 |
| Interstage Application Server Standard-J Edition for Linux | V9.0.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T001044LP-07 |
| Interstage Application Server Standard-J Edition for Linux | V9.1.0/ V9.1.0B | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T002177LP-06 |
| Interstage Application Server Standard-J Edition for Linux | V9.2.0/ V9.3.1 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T004339LP-05 |
| Interstage Application Server Standard-J Edition for Linux | V10.0.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T006038LP-02 |
| Interstage Application Server Enterprise Edition for Linux | V9.3.1 | RHEL6(x86)/ RHEL6(Intel64) | FJSVihs | T006033LP-02 |
| Interstage Application Server Enterprise Edition for Linux | V10.0.0 | RHEL6(x86)/ RHEL6(Intel64) | FJSVihs | T006039LP-02 |
| Interstage Application Server Standard-J Edition for Linux | V9.3.1 | RHEL6(x86)/ RHEL6(Intel64) | FJSVihs | T006033LP-02 |
| Interstage Application Server Standard-J Edition for Linux | V10.0.0 | RHEL6(x86)/ RHEL6(Intel64) | FJSVihs | T006039LP-02 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V9.0.0/ V9.0.0A | RHEL-AS4(IPF) | FJSVihs | T001002QP-07 |
| Interstage Application Server Enterprise Edition for Linux | V9.1.0 | RHEL-AS4(IPF) | FJSVihs | T002178QP-06 |
| Interstage Application Server Enterprise Edition for Linux | V9.2.0 | RHEL-AS4(IPF) | FJSVihs | T004340QP-05 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V9.0.0 | RHEL-AS4(IPF) | FJSVihs | T001002QP-07 |
| Interstage Application Server Standard-J Edition for Linux | V9.1.0 | RHEL-AS4(IPF) | FJSVihs | T002178QP-06 |
| Interstage Application Server Standard-J Edition for Linux | V9.2.0 | RHEL-AS4(IPF) | FJSVihs | T004340QP-05 |
| Interstage Application Server Enterprise Edition for Linux [*c] | V9.0.0/ V9.0.0A | RHEL5(IPF) | FJSVihs | T001043QP-07 |
| Interstage Application Server Enterprise Edition for Linux | V9.1.0 | RHEL5(IPF) | FJSVihs | T002179QP-06 |
| Interstage Application Server Enterprise Edition for Linux | V9.2.0 | RHEL5(IPF) | FJSVihs | T004341QP-05 |
| Interstage Application Server Standard-J Edition for Linux [*c] | V9.0.0 | RHEL5(IPF) | FJSVihs | T001043QP-07 |
| Interstage Application Server Standard-J Edition for Linux | V9.1.0 | RHEL5(IPF) | FJSVihs | T002179QP-06 |
| Interstage Application Server Standard-J Edition for Linux | V9.2.0 | RHEL5(IPF) | FJSVihs | T004341QP-05 |
| Interstage Application Server Enterprise Edition for Linux | V9.2.0/ V9.3.1 | RHEL5(Intel64) | FJSVihs | T004342LP-05 |
| Interstage Application Server Enterprise Edition for Linux | V10.0.0 | RHEL5(Intel64) | FJSVihs | T006040LP-02 |
| Interstage Application Server Standard-J Edition for Linux | V9.2.0/ V9.3.1 | RHEL5(Intel64) | FJSVihs | T004342LP-05 |
| Interstage Application Server Standard-J Edition for Linux | V10.0.0 | RHEL5(Intel64) | FJSVihs | T006040LP-02 |
| Interstage Application Server Enterprise Edition for Linux | V9.3.1 | RHEL6(Intel64) | FJSVihs | T006034LP-02 |
| Interstage Application Server Enterprise Edition for Linux | V10.0.0 | RHEL6(Intel64) | FJSVihs | T006041LP-02 |
| Interstage Application Server Standard-J Edition for Linux | V9.3.1 | RHEL6(Intel64) | FJSVihs | T006034LP-02 |
| Interstage Application Server Standard-J Edition for Linux | V10.0.0 | RHEL6(Intel64) | FJSVihs | T006041LP-02 |

Interstage Studio
| Products | Version | Target OS | Package name | Patch ID |
|---|---|---|---|---|
| Interstage Studio Enterprise Edition for Windows [*a] | V9.0.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows XP/ Windows Vista | F3FMihs | T001001WP-08 |
| Interstage Studio Enterprise Edition for Windows | V9.1.0/ V9.1.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows XP/ Windows Vista | F3FMihs | T002174WP-06 |
| Interstage Studio Enterprise Edition for Windows | V9.2.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7 | F3FMihs | T004344WP-05 |
| Interstage Studio Standard-J Edition for Windows [*a] | V9.0.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows XP/ Windows Vista | F3FMihs | T001001WP-08 |
| Interstage Studio Standard-J Edition for Windows | V9.1.0/ V9.1.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows XP/ Windows Vista | F3FMihs | T002174WP-06 |
| Interstage Studio Standard-J Edition for Windows | V9.2.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7 | F3FMihs | T004344WP-05 |
| Interstage Studio Standard-J Edition for Windows | V10.0.0 | Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7 | F3FMihs | T006036WP-02 |

To obtain the patches, please contact a Fujitsu system engineer or your partner(s).

[*a] This vulnerability only appears when T001001WP-01 to 07 are installed.

[*b] This vulnerability only appears when T001002QP-01 to 06 are installed.

[*c] This vulnerability only appears when T001043QP-01 to 06 are installed.



Note: Determining the affected product

To check the software version, refer to the "FUJITSU SOFTWARE RELEASE GUIDE" supplied with the product.

3-3. Workaround

None.

4. Related information

None.

5. Revision history

  • November 26th, 2013: Initial release

