ID

VAR-200908-0535


TITLE

Issue of Access Control Failure in Hitachi Device Manager Server

Trust: 0.8

sources: JVNDB: JVNDB-2009-001931

DESCRIPTION

Hitachi Device Manager servers contain a vulnerability in which access control settings would be rendered invalid in the following cases:

- IPv6 format is used for communications between a Hitachi Device Manager server and its clients.
- Access controls for Hitachi Device Manager clients are set by the range of IP addresses written in the CIDR format.

An unauthorized client may gain access to the Hitachi Device Manager server. Very few technical details are available. We will update this BID when more information emerges.

TITLE: Hitachi Device Manager Server IPv6 Security Bypass Vulnerability

SECUNIA ADVISORY ID: SA36526

VERIFY ADVISORY: http://secunia.com/advisories/36526/

DESCRIPTION: A vulnerability has been reported in multiple Hitachi products, which can be exploited by malicious people to bypass certain security restrictions. Successful exploitation requires that the application is running in an IPv6 environment and that the CIDR format is used in rules restricting network access.

SOLUTION: Apply vendor patches (please see vendor advisory for details).

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: Hitachi: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS09-013/index.html

OTHER REFERENCES: JVN: http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001931.html

Trust: 1.08

sources: JVNDB: JVNDB-2009-001931 // BID: 36190 // PACKETSTORM: 80828

AFFECTED PRODUCTS

vendor: hitachi, model: device manager, scope: eq, version: software

Trust: 0.8

vendor: hitachi, model: jp1/hicommand device manager, scope: -, version: -

Trust: 0.8

vendor: hitachi, model: jp1/hicommand device manager, scope: eq, version: 5.9-08

Trust: 0.6

vendor: hitachi, model: jp1/hicommand device manager, scope: eq, version: 5.9-00

Trust: 0.6

vendor: hitachi, model: device manager software, scope: eq, version: 6.1.1-03

Trust: 0.6

vendor: hitachi, model: device manager software, scope: eq, version: 6.1.1-00

Trust: 0.6

vendor: hitachi, model: device manager software, scope: eq, version: 6.1-02

Trust: 0.6

vendor: hitachi, model: device manager software, scope: eq, version: 6.1-00

Trust: 0.6

vendor: hitachi, model: device manager software, scope: eq, version: 6.0-06

Trust: 0.6

vendor: hitachi, model: device manager software, scope: eq, version: 6.0-00

Trust: 0.6

vendor: hitachi, model: device manager software, scope: ne, version: 6.2-00

Trust: 0.6

vendor: hitachi, model: device manager software, scope: ne, version: 6.1.1-04

Trust: 0.6

vendor: hitachi, model: device manager software, scope: ne, version: 6.1-03

Trust: 0.6

vendor: hitachi, model: jp1/hicommand device manager (solaris, scope: eq, version: 5.9-08(x64))

Trust: 0.3

vendor: hitachi, model: jp1/hicommand device manager (solaris, scope: eq, version: 5.9-00(x64))

Trust: 0.3

vendor: hitachi, model: jp1/hicommand device manager (solaris (s, scope: eq, version: 5.9.0-08

Trust: 0.3

vendor: hitachi, model: jp1/hicommand device manager (solaris (s, scope: eq, version: 5.9.0-00

Trust: 0.3

vendor: hitachi, model: device manager software ), scope: eq, version: 6.1.1-03

Trust: 0.3

vendor: hitachi, model: device manager software (solaris, scope: eq, version: 6.1.1-03(x64))

Trust: 0.3

vendor: hitachi, model: device manager software ), scope: eq, version: 6.1.1-00

Trust: 0.3

vendor: hitachi, model: device manager software (solaris, scope: eq, version: 6.1.1-00(x64))

Trust: 0.3

vendor: hitachi, model: device manager software ), scope: eq, version: 6.1-02

Trust: 0.3

vendor: hitachi, model: device manager software (solaris, scope: eq, version: 6.1-02(x64))

Trust: 0.3

vendor: hitachi, model: device manager software ), scope: eq, version: 6.1-00

Trust: 0.3

vendor: hitachi, model: device manager software (solaris, scope: eq, version: 6.1-00(x64))

Trust: 0.3

vendor: hitachi, model: device manager software ), scope: eq, version: 6.0-06

Trust: 0.3

vendor: hitachi, model: device manager software (solaris, scope: eq, version: 6.0-06(x64))

Trust: 0.3

vendor: hitachi, model: device manager software ), scope: eq, version: 6.0-00

Trust: 0.3

vendor: hitachi, model: device manager software (solaris, scope: eq, version: 6.0-00(x64))

Trust: 0.3

vendor: hitachi, model: device manager software ), scope: ne, version: 6.2-00

Trust: 0.3

vendor: hitachi, model: device manager software (solaris, scope: ne, version: 6.2-00(x64))

Trust: 0.3

vendor: hitachi, model: device manager software ), scope: ne, version: 6.1.1-04

Trust: 0.3

vendor: hitachi, model: device manager software (solaris, scope: ne, version: 6.1.1-04(x64))

Trust: 0.3

vendor: hitachi, model: device manager software ), scope: ne, version: 6.1-03

Trust: 0.3

vendor: hitachi, model: device manager software (solaris, scope: ne, version: 6.1-03(x64))

Trust: 0.3

sources: BID: 36190 // JVNDB: JVNDB-2009-001931

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2009-001931
value: MEDIUM

Trust: 0.8

IPA: JVNDB-2009-001931
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: JVNDB: JVNDB-2009-001931

PROBLEMTYPE DATA

problemtype: CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2009-001931

THREAT TYPE

network

Trust: 0.3

sources: BID: 36190

TYPE

Unknown

Trust: 0.3

sources: BID: 36190

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001931

PATCH

title: HS09-013, url: http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs09-013/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2009-001931

EXTERNAL IDS

db: JVNDB, id: JVNDB-2009-001931

Trust: 1.2

db: HITACHI, id: HS09-013

Trust: 0.4

db: BID, id: 36190

Trust: 0.3

db: SECUNIA, id: 36526

Trust: 0.3

db: PACKETSTORM, id: 80828

Trust: 0.1

sources: BID: 36190 // JVNDB: JVNDB-2009-001931 // PACKETSTORM: 80828

REFERENCES

url:http://jvndb.jvn.jp/en/contents/2009/jvndb-2009-001931.html

Trust: 0.4

url:http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs09-013/index.html

Trust: 0.4

url:http://www.hds.com/products/storage-software/hitachi-device-manager.html

Trust: 0.3

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/business_solutions/

Trust: 0.1

url:http://secunia.com/advisories/36526/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

sources: BID: 36190 // PACKETSTORM: 80828

CREDITS

Hitachi

Trust: 0.3

sources: BID: 36190

SOURCES

db: BID, id: 36190
db: JVNDB, id: JVNDB-2009-001931
db: PACKETSTORM, id: 80828

LAST UPDATE DATE

2022-05-17T22:46:59.707000+00:00


SOURCES UPDATE DATE

db: BID, id: 36190, date: 2009-11-18T23:05:00
db: JVNDB, id: JVNDB-2009-001931, date: 2009-08-31T00:00:00

SOURCES RELEASE DATE

db: BID, id: 36190, date: 2009-08-31T00:00:00
db: JVNDB, id: JVNDB-2009-001931, date: 2009-08-31T00:00:00
db: PACKETSTORM, id: 80828, date: 2009-09-01T12:32:05