ID
VAR-201001-0938
TITLE
Hitachi Multiple Products Image File Parsing Buffer Overflow Vulnerability
Trust: 0.3
DESCRIPTION
Multiple Hitachi products, including Cosminexus, Processing Kit for XML, and Hitachi Developer's Kit for Java, are prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

TITLE: Hitachi Products Image File Processing Buffer Overflow
SECUNIA ADVISORY ID: SA38363
VERIFY ADVISORY: http://secunia.com/advisories/38363/
DESCRIPTION: A vulnerability has been reported in multiple Hitachi products, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerability is caused due to an unspecified error when processing image files in Java applications and can be exploited to cause a buffer overflow. Please see the vendor's advisory for a full list of affected products.
SOLUTION: Update to a fixed version. See vendor advisory for details.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: Hitachi: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-019/index.html
Trust: 0.36
AFFECTED PRODUCTS
vendor: | hitachi | model: | ucosminexus/opentp1 web front-end set | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus service platform | scope: | eq | version: | 8 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus service platform | scope: | eq | version: | 7 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus service platform | scope: | eq | version: | 6.7 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus service architect | scope: | eq | version: | 8 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus service architect | scope: | eq | version: | 7 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus service architect | scope: | eq | version: | 6.7 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus portal framework entry set | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus operator | scope: | eq | version: | 8 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus operator | scope: | eq | version: | 7 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus operator | scope: | eq | version: | 6.7 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus navigation platform authoring license | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus navigation platform user license | scope: | eq | version: | -0 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus navigation platform | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus navigation developer | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus developer standard | scope: | eq | version: | 8 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus developer standard | scope: | eq | version: | 7 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus developer standard | scope: | eq | version: | 6.7 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus developer standard | scope: | eq | version: | 6 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus developer professional | scope: | eq | version: | 8 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus developer professional | scope: | eq | version: | 7 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus developer professional | scope: | eq | version: | 6.7 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus developer professional | scope: | eq | version: | 6 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus developer light | scope: | eq | version: | 8 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus developer light | scope: | eq | version: | 7 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus developer light | scope: | eq | version: | 6.7 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus collaboration server | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus client | scope: | eq | version: | 8 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus client | scope: | eq | version: | 7 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus client | scope: | eq | version: | 6.7 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus application server standard version | scope: | eq | version: | 6 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus application server standard | scope: | eq | version: | 8 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus application server standard | scope: | eq | version: | 7 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus application server standard | scope: | eq | version: | 6.7 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus application server enterprise version | scope: | eq | version: | 6 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus application server enterprise | scope: | eq | version: | 8 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus application server enterprise | scope: | eq | version: | 7 | Trust: 0.3 |
vendor: | hitachi | model: | ucosminexus application server enterprise | scope: | eq | version: | 6.7 | Trust: 0.3 |
vendor: | hitachi | model: | groupmax collaboration server | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | hitachi | model: | electronic form workflow standard set | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | hitachi | model: | electronic form workflow set | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | hitachi | model: | electronic form workflow professional set | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | hitachi | model: | electronic form workflow professional library set | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | hitachi | model: | electronic form workflow developer set | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | hitachi | model: | electronic form workflow developer client set | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | hitachi | model: | cosminexus studio web edition | scope: | eq | version: | 4 | Trust: 0.3 |
vendor: | hitachi | model: | cosminexus studio standard edition | scope: | eq | version: | 4 | Trust: 0.3 |
vendor: | hitachi | model: | cosminexus studio | scope: | eq | version: | 5 | Trust: 0.3 |
vendor: | hitachi | model: | cosminexus server web edition | scope: | eq | version: | 4 | Trust: 0.3 |
vendor: | hitachi | model: | cosminexus server standard edition | scope: | eq | version: | 4 | Trust: 0.3 |
vendor: | hitachi | model: | cosminexus developer light | scope: | eq | version: | 6 | Trust: 0.3 |
vendor: | hitachi | model: | cosminexus developer | scope: | eq | version: | 5 | Trust: 0.3 |
vendor: | hitachi | model: | cosminexus client | scope: | eq | version: | 6 | Trust: 0.3 |
vendor: | hitachi | model: | cosminexus application server | scope: | eq | version: | 5.0 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Boundary Condition Error
Trust: 0.3
EXTERNAL IDS
db: | HITACHI | id: | HS09-019 | Trust: 0.4 |
db: | BID | id: | 38000 | Trust: 0.3 |
db: | SECUNIA | id: | 38363 | Trust: 0.2 |
db: | PACKETSTORM | id: | 85770 | Trust: 0.1 |
REFERENCES
url: | http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs09-019/index.html | Trust: 0.4 |
url: | http://www.hitachi.com/index.html | Trust: 0.3 |
url: | http://www.hitachi.co.jp/prod/comp/soft1/groupmax/product/suiteindex.html#coll | Trust: 0.3 |
url: | http://secunia.com/advisories/secunia_security_advisories/ | Trust: 0.1 |
url: | http://secunia.com/blog/71/ | Trust: 0.1 |
url: | http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org | Trust: 0.1 |
url: | http://secunia.com/advisories/38363/ | Trust: 0.1 |
url: | http://secunia.com/advisories/about_secunia_advisories/ | Trust: 0.1 |
CREDITS
The issue is reported by the vendor.
Trust: 0.3
SOURCES
db: | BID | id: | 38000 |
db: | PACKETSTORM | id: | 85770 |
LAST UPDATE DATE
2022-05-17T22:44:35.420000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 38000 | date: | 2010-01-29T00:00:00 |
SOURCES RELEASE DATE
db: | BID | id: | 38000 | date: | 2010-01-29T00:00:00 |
db: | PACKETSTORM | id: | 85770 | date: | 2010-01-31T10:11:37 |