Interstage HTTP Server: ログ機能におけるバッファオーバーフローの脆弱性 (2013年11月26日)
1. 脆弱性の説明
Interstage HTTP Serverのログ機能(ihsrlog/rotatelogs)において、バッファオーバーフローの脆弱性の問題が確認されました。
Interstageについては以下のページを参照してください。
http://www.fujitsu.com/jp/products/software/middleware/business-middleware/interstage/
富士通は、3.に示すセキュリティパッチを提供していますので、早急に適用する様にお願いします。
2. 脆弱性のもたらす脅威
悪意のある第三者によって、任意のコードが実行される可能性があります。
3. 該当システム・対策情報
3-1.該当システム
GP7000F, PRIMEPOWER, GP-S, PRIMERGY, GP5000, CELSIUS, FMVシリーズ, AT互換機, PRIMEQUEST, SPARC Enterprise
3-2.該当製品・対策Patch
・Interstage Application Server
・Interstage Studio
・Interstage Web Server
製品名 | バージョン | 対象OS | パッケージ名 | Patch ID |
---|---|---|---|---|
Interstage Application Server Enterprise Edition[※a] | V9.0.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2 | F3FMihs | T001001WP-08 |
Interstage Application Server Enterprise Edition | V9.1.0/ V9.1.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 | F3FMihs | T002174WP-06 |
Interstage Application Server Enterprise Edition | V9.2.0/ V9.2.0A | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 | F3FMihs | T004344WP-05 |
Interstage Application Server Enterprise Edition | V9.3.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 | F3FMihs | T004726WP-04 |
Interstage Application Server Enterprise Edition | V10.0.0 | Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 | F3FMihs | T006036WP-02 |
Interstage Application Server Enterprise Edition | V10.1.0 | Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows Small Business Server 2011 | F3FMihs | T006383WP-01 |
Interstage Application Server Standard-J Edition[※a] | V9.0.0/ V9.0.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2 | F3FMihs | T001001WP-08 |
Interstage Application Server Standard-J Edition | V9.1.0/ V9.1.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 | F3FMihs | T002174WP-06 |
Interstage Application Server Standard-J Edition | V9.2.0/ V9.2.0A | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 | F3FMihs | T004344WP-05 |
Interstage Application Server Standard-J Edition | V10.0.0 | Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 | F3FMihs | T006036WP-02 |
Interstage Application Server Standard-J Edition | V10.1.0 | Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows Small Business Server 2011 | F3FMihs | T006383WP-01 |
Interstage Application Server Enterprise Edition | V9.0.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2 | F3FMihs | T001005IP-07 |
Interstage Application Server Enterprise Edition | V9.1.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 | F3FMihs | T002175IP-06 |
Interstage Application Server Enterprise Edition | V9.2.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 | F3FMihs | T004345IP-05 |
Interstage Application Server Standard-J Edition | V9.0.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2 | F3FMihs | T001005IP-07 |
Interstage Application Server Standard-J Edition | V9.1.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 | F3FMihs | T002175IP-06 |
Interstage Application Server Standard-J Edition | V9.2.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 | F3FMihs | T004345IP-05 |
Interstage Application Server Enterprise Edition | V9.2.0 | Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2 | F3FMihs | T004346XP-05 |
Interstage Application Server Enterprise Edition | V9.3.0 | Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2 | F3FMihs | T005232XP-03 |
Interstage Application Server Enterprise Edition | V10.0.0 | Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2 | F3FMihs | T006037XP-02 |
Interstage Application Server Standard-J Edition | V9.2.0 | Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2 | F3FMihs | T004346XP-05 |
Interstage Application Server Standard-J Edition | V10.0.0 | Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2 | F3FMihs | T006037XP-02 |
Interstage Application Server Enterprise Edition | V9.0.0/ V9.0.0B | Solaris 9/ 10 | FJSVihs | T001004SP-09 |
Interstage Application Server Enterprise Edition | V9.1.0/ V9.1.0A/ V9.1.0B | Solaris 9/ 10 | FJSVihs | T002180SP-07 |
Interstage Application Server Enterprise Edition | V9.2.0 | Solaris 9/ 10 | FJSVihs | T004343SP-05 |
Interstage Application Server Enterprise Edition | V9.3.0 | Solaris 9/ 10 | FJSVihs | T005233SP-03 |
Interstage Application Server Enterprise Edition | V10.0.0 | Solaris 9/ 10 | FJSVihs | T006035SP-02 |
Interstage Application Server Standard-J Edition | V9.0.0 | Solaris 9/ 10 | FJSVihs | T001004SP-09 |
Interstage Application Server Standard-J Edition | V9.1.0/ V9.1.0A/ V9.1.0B | Solaris 9/ 10 | FJSVihs | T002180SP-07 |
Interstage Application Server Standard-J Edition | V9.2.0/ V9.2.0A | Solaris 9/ 10 | FJSVihs | T004343SP-05 |
Interstage Application Server Standard-J Edition | V10.0.0 | Solaris 9/ 10 | FJSVihs | T006035SP-02 |
Interstage Application Server Enterprise Edition | V9.0.0/ V9.0.0B/ V9.0.1 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T001003LP-07 |
Interstage Application Server Enterprise Edition | V9.1.0/ V9.1.0B | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T002176LP-06 |
Interstage Application Server Enterprise Edition | V9.2.0 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T004338LP-05 |
Interstage Application Server Enterprise Edition | V9.3.0/ V9.3.1 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T005234LP-03 |
Interstage Application Server Standard-J Edition | V9.0.0/ V9.0.1 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T001003LP-07 |
Interstage Application Server Standard-J Edition | V9.1.0/ V9.1.0B | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T002176LP-06 |
Interstage Application Server Standard-J Edition | V9.2.0/ V9.3.1 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T004338LP-05 |
Interstage Application Server Enterprise Edition | V9.0.0/ V9.0.1/ V9.0.1B | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T001044LP-07 |
Interstage Application Server Enterprise Edition | V9.1.0/ V9.1.0B | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T002177LP-06 |
Interstage Application Server Enterprise Edition | V9.2.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T004339LP-05 |
Interstage Application Server Enterprise Edition | V9.3.0/ V9.3.1 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T005235LP-03 |
Interstage Application Server Enterprise Edition | V10.0.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T006038LP-02 |
Interstage Application Server Standard-J Edition | V9.0.0/ V9.0.0B/ V9.0.1/ V9.0.1B | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T001044LP-07 |
Interstage Application Server Standard-J Edition | V9.1.0/ V9.1.0B | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T002177LP-06 |
Interstage Application Server Standard-J Edition | V9.2.0/ V9.3.1 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T004339LP-05 |
Interstage Application Server Standard-J Edition | V10.0.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T006038LP-02 |
Interstage Application Server Enterprise Edition | V9.3.1 | RHEL6(x86)/ RHEL6(Intel64) | FJSVihs | T006033LP-02 |
Interstage Application Server Enterprise Edition | V10.0.0 | RHEL6(x86)/ RHEL6(Intel64) | FJSVihs | T006039LP-02 |
Interstage Application Server Standard-J Edition | V9.3.1 | RHEL6(x86)/ RHEL6(Intel64) | FJSVihs | T006033LP-02 |
Interstage Application Server Standard-J Edition | V10.0.0 | RHEL6(x86)/ RHEL6(Intel64) | FJSVihs | T006039LP-02 |
Interstage Application Server Enterprise Edition[※b] | V9.0.0 | RHEL-AS4(IPF) | FJSVihs | T001002QP-07 |
Interstage Application Server Enterprise Edition | V9.1.0 | RHEL-AS4(IPF) | FJSVihs | T002178QP-06 |
Interstage Application Server Enterprise Edition | V9.2.0 | RHEL-AS4(IPF) | FJSVihs | T004340QP-05 |
Interstage Application Server Standard-J Edition[※b] | V9.0.0 | RHEL-AS4(IPF) | FJSVihs | T001002QP-07 |
Interstage Application Server Standard-J Edition | V9.1.0 | RHEL-AS4(IPF) | FJSVihs | T002178QP-06 |
Interstage Application Server Standard-J Edition | V9.2.0 | RHEL-AS4(IPF) | FJSVihs | T004340QP-05 |
Interstage Application Server Enterprise Edition[※c] | V9.0.0 | RHEL5(IPF) | FJSVihs | T001043QP-07 |
Interstage Application Server Enterprise Edition | V9.1.0 | RHEL5(IPF) | FJSVihs | T002179QP-06 |
Interstage Application Server Enterprise Edition | V9.2.0 | RHEL5(IPF) | FJSVihs | T004341QP-05 |
Interstage Application Server Standard-J Edition[※c] | V9.0.0 | RHEL5(IPF) | FJSVihs | T001043QP-07 |
Interstage Application Server Standard-J Edition | V9.1.0 | RHEL5(IPF) | FJSVihs | T002179QP-06 |
Interstage Application Server Standard-J Edition | V9.2.0 | RHEL5(IPF) | FJSVihs | T004341QP-05 |
Interstage Application Server Enterprise Edition | V9.2.0 | RHEL5(Intel64) | FJSVihs | T004342LP-05 |
Interstage Application Server Enterprise Edition | V9.3.0/ V9.3.1 | RHEL5(Intel64) | FJSVihs | T005236LP-03 |
Interstage Application Server Enterprise Edition | V10.0.0 | RHEL5(Intel64) | FJSVihs | T006040LP-02 |
Interstage Application Server Standard-J Edition | V9.2.0/ V9.3.1 | RHEL5(Intel64) | FJSVihs | T004342LP-05 |
Interstage Application Server Standard-J Edition | V10.0.0 | RHEL5(Intel64) | FJSVihs | T006040LP-02 |
Interstage Application Server Enterprise Edition | V9.3.1 | RHEL6(Intel64) | FJSVihs | T006034LP-02 |
Interstage Application Server Enterprise Edition | V10.0.0 | RHEL6(Intel64) | FJSVihs | T006041LP-02 |
Interstage Application Server Standard-J Edition | V9.3.1 | RHEL6(Intel64) | FJSVihs | T006034LP-02 |
Interstage Application Server Standard-J Edition | V10.0.0 | RHEL6(Intel64) | FJSVihs | T006041LP-02 |
製品名 | バージョン | 対象OS | パッケージ名 | Patch ID |
---|---|---|---|---|
Interstage Studio Enterprise Edition[※a] | V9.0.0/ V9.0.0A/ V9.0.1 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows XP/ Windows Vista | F3FMihs | T001001WP-08 |
Interstage Studio Enterprise Edition | V9.1.0/ V9.1.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows XP/ Windows Vista | F3FMihs | T002174WP-06 |
Interstage Studio Enterprise Edition | V9.2.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7 | F3FMihs | T004344WP-05 |
Interstage Studio Standard-J Edition[※a] | V9.0.0/ V9.0.0A/ V9.0.1/ V9.0.1A | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows XP/ Windows Vista | F3FMihs | T001001WP-08 |
Interstage Studio Standard-J Edition | V9.1.0/ V9.1.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows XP/ Windows Vista | F3FMihs | T002174WP-06 |
Interstage Studio Standard-J Edition | V9.2.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7 | F3FMihs | T004344WP-05 |
Interstage Studio Standard-J Edition | V10.0.0 | Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7 | F3FMihs | T006036WP-02 |
Interstage Studio Standard-J Edition | V10.1.0 | Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7/ Windows Small Business Server 2011 | F3FMihs | T006383WP-01 |
Interstage Studio with UML Modeling Tool[※a] | V9.0.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows XP/ Windows Vista | F3FMihs | T001001WP-08 |
Interstage Studio with UML Modeling Tool | V9.1.0/ V9.1.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows XP/ Windows Vista | F3FMihs | T002174WP-06 |
Interstage Studio with UML Modeling Tool | V9.2.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7 | F3FMihs | T004344WP-05 |
製品名 | バージョン | 対象OS | パッケージ名 | Patch ID |
---|---|---|---|---|
Interstage Web Server[※a] | V9.0.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2 | F3FMihs | T001001WP-08 |
Interstage Web Server | V9.1.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 | F3FMihs | T002174WP-06 |
Interstage Web Server | V10.0.0 | Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 | F3FMihs | T006036WP-02 |
Interstage Web Server | V10.1.0 | Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows Small Business Server 2011 | F3FMihs | T006383WP-01 |
Interstage Web Server | V9.0.0 | Solaris 9/ 10 | FJSVihs | T001004SP-09 |
Interstage Web Server | V9.1.0/ V9.1.0A | Solaris 9/ 10 | FJSVihs | T002180SP-07 |
Interstage Web Server | V10.0.0 | Solaris 9/ 10 | FJSVihs | T006035SP-02 |
Interstage Web Server | V9.0.0/ V9.0.1 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T001003LP-07 |
Interstage Web Server | V9.1.0 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T002176LP-06 |
Interstage Web Server | V9.0.0/ V9.0.1 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T001044LP-07 |
Interstage Web Server | V9.1.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T002177LP-06 |
Interstage Web Server | V10.0.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T006038LP-02 |
Interstage Web Server | V10.0.0 | RHEL6(x86)/ RHEL6(Intel64) | FJSVihs | T006039LP-02 |
[※a] T001001WP-01~07 を適用した場合のみ、本脆弱性に該当します。
[※b] T001002QP-01~06 を適用した場合のみ、本脆弱性に該当します。
[※c] T001043QP-01~06 を適用した場合のみ、本脆弱性に該当します。
パッチ入手に関しては、当社サポートセンターにお問い合わせください。
参考: 該当製品の確認方法
製品のバージョンを確認するには、製品に添付されている「ソフトウェア説明書」を参照してください。
3-3. 回避方法
ありません。
4. 関連情報
ありません。
5. 改版履歴
- 2013年11月26日 新規掲載