GTM-MQNC2Z4
Skip to main content
  1. Home >
  2. Support >
  3. Products >
  4. Software >
  5. Security >
  6. Fujitsu Patch & TA Information>
  7. This page provides Security Information.

Interstage Application Server: Buffer Overflow Vulnerability(CVE-2007-6258). October 27th, 2010


Notes on using this web page

1. Description

A buffer overflow vulnerability is confirmed in the Servlet Service.

2. Impact

This vulnerability may allow a remote third person to execute arbitrary code.

For a severity assessment of this vulnerability, see National Vulnerability Database information in "4. Related information".(Japanese only).

3. Affected systems and corresponding action

3-1. Affected systems:

GP7000F, PRIMEPOWER, SPARC Enterprise, PRIMERGY, GP5000, CELSIUS, FMV series, AT compatible machines, PRIMEQUEST

3-2. Affected products and required patch

Interstage Application Server
Products Target OS Package name Patch ID.
Interstage Application Server Enterprise Edition 6.0 Solaris 7, 8, 9 FJSVjs4 *
Interstage Application Server Enterprise Edition 7.0 Solaris 8, 9 FJSVjs4 *
Interstage Application Server Enterprise Edition 7.0.1 Solaris 8, 9, 10 FJSVjs4 *
Interstage Application Server Enterprise Edition V8.0.0 Solaris 9, 10 FJSVjs4 *
Interstage Application Server Enterprise Edition V8.0.2 Solaris 9, 10 FJSVjs4 *
Interstage Application Server Enterprise Edition V9.0.0 Solaris 9, 10 FJSVjs5 *
Interstage Application Server Standard-J Edition V8.0.0 Solaris 9, 10 FJSVjs4 *
Interstage Application Server Standard-J Edition V8.0.2 Solaris 9, 10 FJSVjs4 *
Interstage Application Server Standard-J Edition V9.0.0 Solaris 9, 10 FJSVjs5 *
Interstage Application Server Plus 7.0 Solaris 8, 9 FJSVjs4 *
Interstage Application Server Plus 7.0.1 Solaris 8, 9, 10 FJSVjs4 *
Interstage Application Server Enterprise Edition V6.0 for Windows Windows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0 F3FMjs4 *
Interstage Application Server Enterprise Edition V7.0 for Windows Windows Server 2003/ Windows 2000 Server F3FMjs4 *
Interstage Application Server Enterprise Edition V7.0.1 for Windows Windows Server 2003/ Windows 2000 Server F3FMjs4 *
Interstage Application Server Enterprise Edition V8.0.0 for Windows Windows Server 2003/ Windows 2000 Server F3FMjs4 *
Interstage Application Server Enterprise Edition V8.0.1 for Windows Windows Server 2003/ Windows 2000 Server F3FMjs4 *
Interstage Application Server Enterprise Edition V8.0.2 for Windows Windows Server 2003/ Windows 2000 Server F3FMjs4 *
Interstage Application Server Enterprise Edition V9.0.0 for Windows Windows Server 2003/ Windows 2000 Server F3FMjs5 *
Interstage Application Server Enterprise Edition V9.0.0A for Windows Windows Server 2003/ Windows 2000 Server F3FMjs5 *
Interstage Application Server Standard-J Edition V8.0.0 for Windows Windows Server 2003/ Windows 2000 Server F3FMjs4 *
Interstage Application Server Standard-J Edition V8.0.1 for Windows Windows Server 2003/ Windows 2000 Server F3FMjs4 *
Interstage Application Server Standard-J Edition V8.0.2 for Windows Windows Server 2003/ Windows 2000 Server F3FMjs4 *
Interstage Application Server Standard-J Edition V9.0.0 for Windows Windows Server 2003/ Windows 2000 Server F3FMjs5 *
Interstage Application Server Standard-J Edition V9.0.0A for Windows Windows Server 2003/ Windows 2000 Server F3FMjs5 *
Interstage Application Server Plus V6.0 for Windows Windows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0 F3FMjs4 *
Interstage Application Server Plus V7.0 for Windows Windows Server 2003/ Windows 2000 Server F3FMjs4 *
Interstage Application Server Plus V7.0.1 for Windows Windows Server 2003/ Windows 2000 Server F3FMjs4 *
Interstage Application Server Plus Developer V6.0 for Windows Windows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0/ Windows XP F3FMjs4 *
Interstage Application Server Plus Developer V7.0 for Windows Windows Server 2003/ Windows 2000 Server/ Windows XP F3FMjs4 *
Interstage Application Server Enterprise Edition V8.0.0 for Windows Windows Server 2003(IPF) F3FMjs4 *
Interstage Application Server Enterprise Edition V9.0.0 for Windows Windows Server 2003(IPF) F3FMjs5 *
Interstage Application Server Standard-J Edition V9.0.0 for Windows Windows Server 2003(IPF) F3FMjs5 *
Interstage Application Server Enterprise Edition V6.0 for Linux RHEL-AS3(x86)/ ES3(x86) FJSVjs4 *
Interstage Application Server Enterprise Edition V7.0 for Linux RHEL-AS3(x86)/ ES3(x86) FJSVjs4 *
Interstage Application Server Enterprise Edition V7.0.1 for Linux RHEL-AS3(x86)/ ES3(x86) FJSVjs4 *
Interstage Application Server Enterprise Edition V8.0.0 for Linux RHEL-AS4(x86)/ AS4(EM64T) FJSVjs4 *
Interstage Application Server Enterprise Edition V8.0.2 for Linux RHEL-AS4(x86)/ AS4(EM64T) FJSVjs4 *
Interstage Application Server Enterprise Edition V9.0.0 for Linux RHEL-AS4(x86)/ AS4(EM64T) FJSVjs5 *
Interstage Application Server Enterprise Edition V9.0.0 for Linux RHEL5(x86)/ RHEL5(Intel64) FJSVjs5 *
Interstage Application Server Standard-J Edition V8.0.0 for Linux RHEL-AS4(x86)/ AS4(EM64T) FJSVjs4 *
Interstage Application Server Standard-J Edition V8.0.2 for Linux RHEL-AS4(x86)/ AS4(EM64T) FJSVjs4 *
Interstage Application Server Standard-J Edition V9.0.0 for Linux RHEL-AS4(x86)/ AS4(EM64T) FJSVjs5 *
Interstage Application Server Standard-J Edition V9.0.0 for Linux RHEL5(x86)/ RHEL5(Intel64) FJSVjs5 *
Interstage Application Server Plus V7.0 for Linux RHEL-AS3(x86)/ ES3(x86) FJSVjs4 *
Interstage Application Server Plus V7.0.1 for Linux RHEL-AS3(x86)/ ES3(x86) FJSVjs4 *
Interstage Application Server Enterprise Edition V7.0 for Linux RHEL-AS4(IPF) FJSVjs4 *
Interstage Application Server Enterprise Edition V8.0.0 for Linux RHEL-AS4(IPF) FJSVjs4 *
Interstage Application Server Enterprise Edition V8.0.1 for Linux RHEL-AS4(IPF) FJSVjs4 *
Interstage Application Server Enterprise Edition V8.0.2 for Linux RHEL-AS4(IPF) FJSVjs4 *
Interstage Application Server Enterprise Edition V9.0.0 for Linux RHEL-AS4(IPF) FJSVjs5 *
Interstage Application Server Enterprise Edition V9.0.0 for Linux RHEL5(IPF) FJSVjs5 *
Interstage Application Server Enterprise Edition V9.0.0A for Linux RHEL-AS4(IPF) FJSVjs5 *
Interstage Application Server Enterprise Edition V9.0.0A for Linux RHEL5(IPF) FJSVjs5 *
Interstage Application Server Standard-J Edition V9.0.0 for Linux RHEL-AS4(IPF) FJSVjs5 *
Interstage Application Server Standard-J Edition V9.0.0 for Linux RHEL5(IPF) FJSVjs5 *
Interstage Apworks/Studio
Products Target OS Package name Patch ID.
Interstage Apworks Modelers-J Edition V6.0 for Windows Windows 2000 Server/ Windows XP F3FMjs4 *
Interstage Apworks Modelers-J Edition V6.0A for Windows Windows 2000 Server/ Windows XP F3FMjs4 *
Interstage Apworks Modelers-J Edition V7.0 for Windows Windows Server 2003/ Windows 2000 Server/ Windows XP F3FMjs4 *
Interstage Studio Enterprise Edition 8.0.1 for Windows Windows Server 2003/ Windows 2000 Server/ Windows XP F3FMjs4 *
Interstage Studio Enterprise Edition 9.0.0 for Windows Windows Server 2003/ Windows 2000 Server/ Windows XP/ Windows Vista F3FMjs5 *
Interstage Studio Standard-J Edition 8.0.1 for Windows Windows Server 2003/ Windows 2000 Server/ Windows XP F3FMjs4 *
Interstage Studio Standard-J Edition 9.0.0 for Windows Windows Server 2003/ Windows 2000 Server/ Windows XP/ Windows Vista F3FMjs5 *
Interstage Business Application Server
Products Target OS Package name Patch ID.
Interstage Business Application Server Enterprise Edition 8.0.0 for Linux RHEL-AS4(IPF) FJSVjs4 *
Interstage Job Workload Server
Products Target OS Package name Patch ID.
Interstage Job Workload Server 8.1.0 for Linux RHEL-AS4(IPF) FJSVjs4 *


* For the Patches without ID nor link, please contact a Fujitsu system engineer or your partner(s).


Note: Determining the affected product

  • [V6 series]
    space
    • Solaris
      To see package information on the FJSVisas package, the following command can be run:
        pkginfo -l FJSVisas
    • Windows
      See the title in the Software Release Guide.
        [Start]
          -> [Program]
            -> [Interstage]
              -> [Application Server | Apworks]
                -> [Software Release Guide]
    • Linux
      To see package information on the FJSVisas package, the following command can be run:
        rpm -q FJSVisas
  • [V7 series or later]
    Use the isprintvl command.
      isprintvl

3-3. Workaround

None.

4. Related information

This problem corresponds to the following vulnerabilities.

5. Revision history

  • October 27th, 2010: Initial release