Sign-up

ID

VAR-200912-0194


CVE

CVE-2009-4292


TITLE

SEIL/X Series and SEIL/B1 buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-000069

DESCRIPTION

Buffer overflow in the URL filtering function in Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.40 through 2.51 allows remote attackers to execute arbitrary code via unspecified vectors. SEIL/X Series and SEIL/B1 contain a buffer overflow vulnerability. SEIL/X Series and SEIL/B1 are routers. The following devices are affected: SEIL/X1 2.40 to 2.51 SEIL/X2 2.40 to 2.51 SEIL/B1 2.40 to 2.51. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: SEIL Routers Denial of Service and Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA37154 VERIFY ADVISORY: http://secunia.com/advisories/37154/ DESCRIPTION: Some vulnerabilities have been reported in the SEIL/X1, X2, and B1 routers, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. 1) An error exists when processing of certain GRE packets. This can be exploited to cause the device to restart by sending certain specially crafted GRE packets. Note: Successful exploitation requires that the NAT functionality is enabled. 2) A buffer overflow error exists within the URL filtering functionality. Vulnerability #1 is reported in SEIL/X1, X2, and B1 version 2.30 to 2.51 and vulnerability #2 is reported in SEIL/X1, X2, and B1 version 2.40 to 2.51. SOLUTION: Update to version 2.52. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: 1) http://jvn.jp/jp/JVN13011682/index.html http://www.seil.jp/seilseries/security/2009/a00674.php 2) http://jvn.jp/jp/JVN06362164/index.html http://www.seil.jp/seilseries/security/2009/a00669.php ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2009-4292 // JVNDB: JVNDB-2009-000069 // BID: 36896 // VULHUB: VHN-41738 // PACKETSTORM: 82299

AFFECTED PRODUCTS

vendor:iijmodel:seil\/b1scope:eqversion:2.40

Trust: 1.6

vendor:iijmodel:seil\/b1scope:eqversion:2.42

Trust: 1.6

vendor:iijmodel:seil\/x1scope:eqversion:2.51

Trust: 1.6

vendor:iijmodel:seil\/x1scope:eqversion:2.50

Trust: 1.6

vendor:iijmodel:seil\/x1scope:eqversion:2.42

Trust: 1.6

vendor:iijmodel:seil\/b1scope:eqversion:2.41

Trust: 1.6

vendor:iijmodel:seil\/x1scope:eqversion:2.40

Trust: 1.6

vendor:iijmodel:seil\/x1scope:eqversion:2.41

Trust: 1.6

vendor:iijmodel:seil\/b1scope:eqversion:2.51

Trust: 1.6

vendor:iijmodel:seil\/b1scope:eqversion:2.50

Trust: 1.6

vendor:iijmodel:seil\/x2scope:eqversion:2.51

Trust: 1.0

vendor:iijmodel:seil\/x2scope:eqversion:2.42

Trust: 1.0

vendor:iijmodel:seil\/x1scope:eqversion:*

Trust: 1.0

vendor:iijmodel:seil\/x2scope:eqversion:2.50

Trust: 1.0

vendor:iijmodel:seil\/x2scope:eqversion:*

Trust: 1.0

vendor:iijmodel:seil\/b1scope:eqversion:*

Trust: 1.0

vendor:iijmodel:seil\/x2scope:eqversion:2.40

Trust: 1.0

vendor:iijmodel:seil\/x2scope:eqversion:2.41

Trust: 1.0

vendor:internet initiativemodel:seil/b1scope:eqversion:firmware 2.40 to 2.51

Trust: 0.8

vendor:internet initiativemodel:seil/x1scope:eqversion:firmware 2.40 to 2.51

Trust: 0.8

vendor:internet initiativemodel:seil/x2scope:eqversion:firmware 2.40 to 2.51

Trust: 0.8

vendor:seilmodel:seil/x2scope:eqversion:2.51

Trust: 0.3

vendor:seilmodel:seil/x2scope:eqversion:2.50

Trust: 0.3

vendor:seilmodel:seil/x2scope:eqversion:2.49

Trust: 0.3

vendor:seilmodel:seil/x2scope:eqversion:2.48

Trust: 0.3

vendor:seilmodel:seil/x2scope:eqversion:2.47

Trust: 0.3

vendor:seilmodel:seil/x2scope:eqversion:2.46

Trust: 0.3

vendor:seilmodel:seil/x2scope:eqversion:2.45

Trust: 0.3

vendor:seilmodel:seil/x2scope:eqversion:2.44

Trust: 0.3

vendor:seilmodel:seil/x2scope:eqversion:2.43

Trust: 0.3

vendor:seilmodel:seil/x2scope:eqversion:2.42

Trust: 0.3

vendor:seilmodel:seil/x2scope:eqversion:2.41

Trust: 0.3

vendor:seilmodel:seil/x2scope:eqversion:2.40

Trust: 0.3

vendor:seilmodel:seil/x1scope:eqversion:2.51

Trust: 0.3

vendor:seilmodel:seil/x1scope:eqversion:2.50

Trust: 0.3

vendor:seilmodel:seil/x1scope:eqversion:2.49

Trust: 0.3

vendor:seilmodel:seil/x1scope:eqversion:2.48

Trust: 0.3

vendor:seilmodel:seil/x1scope:eqversion:2.47

Trust: 0.3

vendor:seilmodel:seil/x1scope:eqversion:2.46

Trust: 0.3

vendor:seilmodel:seil/x1scope:eqversion:2.45

Trust: 0.3

vendor:seilmodel:seil/x1scope:eqversion:2.44

Trust: 0.3

vendor:seilmodel:seil/x1scope:eqversion:2.43

Trust: 0.3

vendor:seilmodel:seil/x1scope:eqversion:2.42

Trust: 0.3

vendor:seilmodel:seil/x1scope:eqversion:2.41

Trust: 0.3

vendor:seilmodel:seil/x1scope:eqversion:2.40

Trust: 0.3

vendor:seilmodel:seil/b1scope:eqversion:2.51

Trust: 0.3

vendor:seilmodel:seil/b1scope:eqversion:2.50

Trust: 0.3

vendor:seilmodel:seil/b1scope:eqversion:2.48

Trust: 0.3

vendor:seilmodel:seil/x2scope:neversion:2.52

Trust: 0.3

vendor:seilmodel:seil/x1scope:neversion:2.52

Trust: 0.3

vendor:seilmodel:seil/b1scope:neversion:2.52

Trust: 0.3

sources: BID: 36896 // JVNDB: JVNDB-2009-000069 // CNNVD: CNNVD-200912-156 // NVD: CVE-2009-4292

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-4292
value: HIGH

Trust: 1.0

IPA: JVNDB-2009-000069
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200912-156
value: CRITICAL

Trust: 0.6

VULHUB: VHN-41738
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-4292
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2009-000069
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-41738
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-41738 // JVNDB: JVNDB-2009-000069 // CNNVD: CNNVD-200912-156 // NVD: CVE-2009-4292

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-41738 // JVNDB: JVNDB-2009-000069 // NVD: CVE-2009-4292

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200912-156

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200912-156

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-000069

PATCH
title:a00669.phpurl:http://www.seil.jp/seilseries/security/2009/a00669.php
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-000069

EXTERNAL IDS
db:JVNid:JVN06362164
Trust: 2.9
db:NVDid:CVE-2009-4292
Trust: 2.8
db:SECUNIAid:37154
Trust: 2.7
db:VUPENid:ADV-2009-3111
Trust: 2.5
db:JVNDBid:JVNDB-2009-000069
Trust: 2.5
db:OSVDBid:59362
Trust: 1.7
db:XFid:54050
Trust: 0.8
db:OSVDBid:59361
Trust: 0.8
db:CNNVDid:CNNVD-200912-156
Trust: 0.7
db:JVNid:JVN#06362164
Trust: 0.6
db:XFid:54051
Trust: 0.6
db:JVNid:JVN13011682
Trust: 0.4
db:BIDid:36896
Trust: 0.3
db:VULHUBid:VHN-41738
Trust: 0.1
db:PACKETSTORMid:82299
Trust: 0.1
sources:
            
            
            VULHUB: VHN-41738 // 
            
            
            
            BID: 36896 // 
            
            
            
            JVNDB: JVNDB-2009-000069 // 
            
            
            
            PACKETSTORM: 82299 // 
            
            
            
            CNNVD: CNNVD-200912-156 // 
            
            
            
            NVD: CVE-2009-4292

REFERENCES
url:http://jvn.jp/en/jp/jvn06362164/index.html
Trust: 2.8
url:http://secunia.com/advisories/37154
Trust: 2.5
url:http://www.vupen.com/english/advisories/2009/3111
Trust: 2.5
url:http://www.seil.jp/seilseries/security/2009/a00669.php
Trust: 2.1
url:http://jvndb.jvn.jp/en/contents/2009/jvndb-2009-000069.html
Trust: 1.7
url:http://osvdb.org/59362
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/54051
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4292
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/54050
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4292
Trust: 0.8
url:http://osvdb.org/59361
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/54051
Trust: 0.6
url:http://www.seil.jp/seilseries/security/2009/a00674.php
Trust: 0.4
url:http://jvn.jp/en/jp/jvn13011682/index.html
Trust: 0.3
url:http://www.seil.jp/
Trust: 0.3
url:http://jvn.jp/jp/jvn13011682/index.html
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://jvn.jp/jp/jvn06362164/index.html
Trust: 0.1
url:http://secunia.com/advisories/business_solutions/
Trust: 0.1
url:http://secunia.com/advisories/37154/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-41738 // 
            
            
            
            BID: 36896 // 
            
            
            
            JVNDB: JVNDB-2009-000069 // 
            
            
            
            PACKETSTORM: 82299 // 
            
            
            
            CNNVD: CNNVD-200912-156 // 
            
            
            
            NVD: CVE-2009-4292

CREDITS
JPCERT/CC
Trust: 0.3
sources:
            
            
            BID: 36896

SOURCES
db:VULHUBid:VHN-41738
db:BIDid:36896
db:JVNDBid:JVNDB-2009-000069
db:PACKETSTORMid:82299
db:CNNVDid:CNNVD-200912-156
db:NVDid:CVE-2009-4292

LAST UPDATE DATE
2025-04-10T23:05:00.187000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-41738date:2017-08-17T00:00:00
db:BIDid:36896date:2010-08-11T11:34:00
db:JVNDBid:JVNDB-2009-000069date:2009-11-02T00:00:00
db:CNNVDid:CNNVD-200912-156date:2009-12-11T00:00:00
db:NVDid:CVE-2009-4292date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-41738date:2009-12-10T00:00:00
db:BIDid:36896date:2009-11-02T00:00:00
db:JVNDBid:JVNDB-2009-000069date:2009-11-02T00:00:00
db:PACKETSTORMid:82299date:2009-10-28T10:48:16
db:CNNVDid:CNNVD-200912-156date:2009-12-10T00:00:00
db:NVDid:CVE-2009-4292date:2009-12-10T23:30:00.390