Interstage HTTP Server: ログ機能におけるバッファオーバーフローの脆弱性 (2013年11月26日)

本セキュリティサイトについてのご注意

1. 脆弱性の説明

Interstage HTTP Serverのログ機能(ihsrlog/rotatelogs)において、バッファオーバーフローの脆弱性の問題が確認されました。

Interstageについては以下のページを参照してください。
http://www.fujitsu.com/jp/products/software/middleware/business-middleware/interstage/

富士通は、3.に示すセキュリティパッチを提供していますので、早急に適用する様にお願いします。

2. 脆弱性のもたらす脅威

悪意のある第三者によって、任意のコードが実行される可能性があります。

3. 該当システム・対策情報

3-1.該当システム

GP7000F, PRIMEPOWER, GP-S, PRIMERGY, GP5000, CELSIUS, FMVシリーズ, AT互換機, PRIMEQUEST, SPARC Enterprise

3-2.該当製品・対策Patch

・Interstage Application Server
・Interstage Studio
・Interstage Web Server

Interstage Application Server
製品名	バージョン	対象OS	パッケージ名	Patch ID
Interstage Application Server Enterprise Edition[※a]	V9.0.0	Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2	F3FMihs	T001001WP-08
Interstage Application Server Enterprise Edition	V9.1.0/ V9.1.0B	Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2	F3FMihs	T002174WP-06
Interstage Application Server Enterprise Edition	V9.2.0/ V9.2.0A	Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2	F3FMihs	T004344WP-05
Interstage Application Server Enterprise Edition	V9.3.0	Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2	F3FMihs	T004726WP-04
Interstage Application Server Enterprise Edition	V10.0.0	Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2	F3FMihs	T006036WP-02
Interstage Application Server Enterprise Edition	V10.1.0	Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows Small Business Server 2011	F3FMihs	T006383WP-01
Interstage Application Server Standard-J Edition[※a]	V9.0.0/ V9.0.0B	Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2	F3FMihs	T001001WP-08
Interstage Application Server Standard-J Edition	V9.1.0/ V9.1.0B	Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2	F3FMihs	T002174WP-06
Interstage Application Server Standard-J Edition	V9.2.0/ V9.2.0A	Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2	F3FMihs	T004344WP-05
Interstage Application Server Standard-J Edition	V10.0.0	Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2	F3FMihs	T006036WP-02
Interstage Application Server Standard-J Edition	V10.1.0	Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows Small Business Server 2011	F3FMihs	T006383WP-01
Interstage Application Server Enterprise Edition	V9.0.0	Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2	F3FMihs	T001005IP-07
Interstage Application Server Enterprise Edition	V9.1.0	Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008	F3FMihs	T002175IP-06
Interstage Application Server Enterprise Edition	V9.2.0	Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008	F3FMihs	T004345IP-05
Interstage Application Server Standard-J Edition	V9.0.0	Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2	F3FMihs	T001005IP-07
Interstage Application Server Standard-J Edition	V9.1.0	Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008	F3FMihs	T002175IP-06
Interstage Application Server Standard-J Edition	V9.2.0	Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008	F3FMihs	T004345IP-05
Interstage Application Server Enterprise Edition	V9.2.0	Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2	F3FMihs	T004346XP-05
Interstage Application Server Enterprise Edition	V9.3.0	Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2	F3FMihs	T005232XP-03
Interstage Application Server Enterprise Edition	V10.0.0	Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2	F3FMihs	T006037XP-02
Interstage Application Server Standard-J Edition	V9.2.0	Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2	F3FMihs	T004346XP-05
Interstage Application Server Standard-J Edition	V10.0.0	Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2	F3FMihs	T006037XP-02
Interstage Application Server Enterprise Edition	V9.0.0/ V9.0.0B	Solaris 9/ 10	FJSVihs	T001004SP-09
Interstage Application Server Enterprise Edition	V9.1.0/ V9.1.0A/ V9.1.0B	Solaris 9/ 10	FJSVihs	T002180SP-07
Interstage Application Server Enterprise Edition	V9.2.0	Solaris 9/ 10	FJSVihs	T004343SP-05
Interstage Application Server Enterprise Edition	V9.3.0	Solaris 9/ 10	FJSVihs	T005233SP-03
Interstage Application Server Enterprise Edition	V10.0.0	Solaris 9/ 10	FJSVihs	T006035SP-02
Interstage Application Server Standard-J Edition	V9.0.0	Solaris 9/ 10	FJSVihs	T001004SP-09
Interstage Application Server Standard-J Edition	V9.1.0/ V9.1.0A/ V9.1.0B	Solaris 9/ 10	FJSVihs	T002180SP-07
Interstage Application Server Standard-J Edition	V9.2.0/ V9.2.0A	Solaris 9/ 10	FJSVihs	T004343SP-05
Interstage Application Server Standard-J Edition	V10.0.0	Solaris 9/ 10	FJSVihs	T006035SP-02
Interstage Application Server Enterprise Edition	V9.0.0/ V9.0.0B/ V9.0.1	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T001003LP-07
Interstage Application Server Enterprise Edition	V9.1.0/ V9.1.0B	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T002176LP-06
Interstage Application Server Enterprise Edition	V9.2.0	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T004338LP-05
Interstage Application Server Enterprise Edition	V9.3.0/ V9.3.1	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T005234LP-03
Interstage Application Server Standard-J Edition	V9.0.0/ V9.0.1	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T001003LP-07
Interstage Application Server Standard-J Edition	V9.1.0/ V9.1.0B	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T002176LP-06
Interstage Application Server Standard-J Edition	V9.2.0/ V9.3.1	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T004338LP-05
Interstage Application Server Enterprise Edition	V9.0.0/ V9.0.1/ V9.0.1B	RHEL5(x86)/ RHEL5(Intel64)	FJSVihs	T001044LP-07
Interstage Application Server Enterprise Edition	V9.1.0/ V9.1.0B	RHEL5(x86)/ RHEL5(Intel64)	FJSVihs	T002177LP-06
Interstage Application Server Enterprise Edition	V9.2.0	RHEL5(x86)/ RHEL5(Intel64)	FJSVihs	T004339LP-05
Interstage Application Server Enterprise Edition	V9.3.0/ V9.3.1	RHEL5(x86)/ RHEL5(Intel64)	FJSVihs	T005235LP-03
Interstage Application Server Enterprise Edition	V10.0.0	RHEL5(x86)/ RHEL5(Intel64)	FJSVihs	T006038LP-02
Interstage Application Server Standard-J Edition	V9.0.0/ V9.0.0B/ V9.0.1/ V9.0.1B	RHEL5(x86)/ RHEL5(Intel64)	FJSVihs	T001044LP-07
Interstage Application Server Standard-J Edition	V9.1.0/ V9.1.0B	RHEL5(x86)/ RHEL5(Intel64)	FJSVihs	T002177LP-06
Interstage Application Server Standard-J Edition	V9.2.0/ V9.3.1	RHEL5(x86)/ RHEL5(Intel64)	FJSVihs	T004339LP-05
Interstage Application Server Standard-J Edition	V10.0.0	RHEL5(x86)/ RHEL5(Intel64)	FJSVihs	T006038LP-02
Interstage Application Server Enterprise Edition	V9.3.1	RHEL6(x86)/ RHEL6(Intel64)	FJSVihs	T006033LP-02
Interstage Application Server Enterprise Edition	V10.0.0	RHEL6(x86)/ RHEL6(Intel64)	FJSVihs	T006039LP-02
Interstage Application Server Standard-J Edition	V9.3.1	RHEL6(x86)/ RHEL6(Intel64)	FJSVihs	T006033LP-02
Interstage Application Server Standard-J Edition	V10.0.0	RHEL6(x86)/ RHEL6(Intel64)	FJSVihs	T006039LP-02
Interstage Application Server Enterprise Edition[※b]	V9.0.0	RHEL-AS4(IPF)	FJSVihs	T001002QP-07
Interstage Application Server Enterprise Edition	V9.1.0	RHEL-AS4(IPF)	FJSVihs	T002178QP-06
Interstage Application Server Enterprise Edition	V9.2.0	RHEL-AS4(IPF)	FJSVihs	T004340QP-05
Interstage Application Server Standard-J Edition[※b]	V9.0.0	RHEL-AS4(IPF)	FJSVihs	T001002QP-07
Interstage Application Server Standard-J Edition	V9.1.0	RHEL-AS4(IPF)	FJSVihs	T002178QP-06
Interstage Application Server Standard-J Edition	V9.2.0	RHEL-AS4(IPF)	FJSVihs	T004340QP-05
Interstage Application Server Enterprise Edition[※c]	V9.0.0	RHEL5(IPF)	FJSVihs	T001043QP-07
Interstage Application Server Enterprise Edition	V9.1.0	RHEL5(IPF)	FJSVihs	T002179QP-06
Interstage Application Server Enterprise Edition	V9.2.0	RHEL5(IPF)	FJSVihs	T004341QP-05
Interstage Application Server Standard-J Edition[※c]	V9.0.0	RHEL5(IPF)	FJSVihs	T001043QP-07
Interstage Application Server Standard-J Edition	V9.1.0	RHEL5(IPF)	FJSVihs	T002179QP-06
Interstage Application Server Standard-J Edition	V9.2.0	RHEL5(IPF)	FJSVihs	T004341QP-05
Interstage Application Server Enterprise Edition	V9.2.0	RHEL5(Intel64)	FJSVihs	T004342LP-05
Interstage Application Server Enterprise Edition	V9.3.0/ V9.3.1	RHEL5(Intel64)	FJSVihs	T005236LP-03
Interstage Application Server Enterprise Edition	V10.0.0	RHEL5(Intel64)	FJSVihs	T006040LP-02
Interstage Application Server Standard-J Edition	V9.2.0/ V9.3.1	RHEL5(Intel64)	FJSVihs	T004342LP-05
Interstage Application Server Standard-J Edition	V10.0.0	RHEL5(Intel64)	FJSVihs	T006040LP-02
Interstage Application Server Enterprise Edition	V9.3.1	RHEL6(Intel64)	FJSVihs	T006034LP-02
Interstage Application Server Enterprise Edition	V10.0.0	RHEL6(Intel64)	FJSVihs	T006041LP-02
Interstage Application Server Standard-J Edition	V9.3.1	RHEL6(Intel64)	FJSVihs	T006034LP-02
Interstage Application Server Standard-J Edition	V10.0.0	RHEL6(Intel64)	FJSVihs	T006041LP-02

Interstage Studio
製品名	バージョン	対象OS	パッケージ名	Patch ID
Interstage Studio Enterprise Edition[※a]	V9.0.0/ V9.0.0A/ V9.0.1	Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows XP/ Windows Vista	F3FMihs	T001001WP-08
Interstage Studio Enterprise Edition	V9.1.0/ V9.1.0B	Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows XP/ Windows Vista	F3FMihs	T002174WP-06
Interstage Studio Enterprise Edition	V9.2.0	Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7	F3FMihs	T004344WP-05
Interstage Studio Standard-J Edition[※a]	V9.0.0/ V9.0.0A/ V9.0.1/ V9.0.1A	Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows XP/ Windows Vista	F3FMihs	T001001WP-08
Interstage Studio Standard-J Edition	V9.1.0/ V9.1.0B	Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows XP/ Windows Vista	F3FMihs	T002174WP-06
Interstage Studio Standard-J Edition	V9.2.0	Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7	F3FMihs	T004344WP-05
Interstage Studio Standard-J Edition	V10.0.0	Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7	F3FMihs	T006036WP-02
Interstage Studio Standard-J Edition	V10.1.0	Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7/ Windows Small Business Server 2011	F3FMihs	T006383WP-01
Interstage Studio with UML Modeling Tool[※a]	V9.0.0	Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows XP/ Windows Vista	F3FMihs	T001001WP-08
Interstage Studio with UML Modeling Tool	V9.1.0/ V9.1.0B	Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows XP/ Windows Vista	F3FMihs	T002174WP-06
Interstage Studio with UML Modeling Tool	V9.2.0	Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7	F3FMihs	T004344WP-05

Interstage Web Server
製品名	バージョン	対象OS	パッケージ名	Patch ID
Interstage Web Server[※a]	V9.0.0	Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2	F3FMihs	T001001WP-08
Interstage Web Server	V9.1.0	Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2	F3FMihs	T002174WP-06
Interstage Web Server	V10.0.0	Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2	F3FMihs	T006036WP-02
Interstage Web Server	V10.1.0	Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows Small Business Server 2011	F3FMihs	T006383WP-01
Interstage Web Server	V9.0.0	Solaris 9/ 10	FJSVihs	T001004SP-09
Interstage Web Server	V9.1.0/ V9.1.0A	Solaris 9/ 10	FJSVihs	T002180SP-07
Interstage Web Server	V10.0.0	Solaris 9/ 10	FJSVihs	T006035SP-02
Interstage Web Server	V9.0.0/ V9.0.1	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T001003LP-07
Interstage Web Server	V9.1.0	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T002176LP-06
Interstage Web Server	V9.0.0/ V9.0.1	RHEL5(x86)/ RHEL5(Intel64)	FJSVihs	T001044LP-07
Interstage Web Server	V9.1.0	RHEL5(x86)/ RHEL5(Intel64)	FJSVihs	T002177LP-06
Interstage Web Server	V10.0.0	RHEL5(x86)/ RHEL5(Intel64)	FJSVihs	T006038LP-02
Interstage Web Server	V10.0.0	RHEL6(x86)/ RHEL6(Intel64)	FJSVihs	T006039LP-02

[※a] T001001WP-01～07 を適用した場合のみ、本脆弱性に該当します。
[※b] T001002QP-01～06 を適用した場合のみ、本脆弱性に該当します。
[※c] T001043QP-01～06 を適用した場合のみ、本脆弱性に該当します。

パッチ入手に関しては、当社サポートセンターにお問い合わせください。

参考: 該当製品の確認方法

製品のバージョンを確認するには、製品に添付されている「ソフトウェア説明書」を参照してください。

3-3. 回避方法

ありません。

4. 関連情報

ありません。

5. 改版履歴

2013年11月26日新規掲載