ID
VAR-201002-0399
TITLE
Hitachi JP1/Cm2/Network Node Manager Insecure File Permissions Vulnerability
Trust: 0.3
DESCRIPTION
Hitachi JP1/Cm2/Network Node Manager is prone to a security vulnerability because it sets insecure file permissions. An attacker can exploit this issue to obtain sensitive information or gain escalated privileges. ---------------------------------------------------------------------- Use WSUS to deploy 3rd party patches Public BETA http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/ ---------------------------------------------------------------------- TITLE: Hitachi JP1/Cm2/Network Node Manager Remote Console Insecure File Permissions SECUNIA ADVISORY ID: SA38740 VERIFY ADVISORY: http://secunia.com/advisories/38740/ DESCRIPTION: Hitachi has acknowledged a security issue in Hitachi JP1/Cm2/Network Node Manager, which can be exploited by malicious, local users to manipulate certain data and potentially gain escalated privileges. The security issue is reported in the following products and versions: * JP1/Cm2/Network Node Manager Enterprise version 06-51 to 06-71 * JP1/Cm2/Network Node Manager 250 version 06-51 to 06-71 * JP1/Cm2/Network Node Manager version 07-00 to 07-10 * JP1/Cm2/Network Node Manager Starter Edition Enterprise version 08-00 to 08-10 * JP1/Cm2/Network Node Manager Starter Edition 250 version 08-00 to 08-10 SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-002/index.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
Trust: 0.36
AFFECTED PRODUCTS
| vendor: | hitachi | model: | jp1/cm2/network node manager starter edition | scope: | eq | version: | 25008-10-01 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager starter edition | scope: | eq | version: | 25008-10 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager starter edition windows | scope: | eq | version: | 25008-00-03 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager starter edition | scope: | eq | version: | 25008-00-02 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager starter edition | scope: | eq | version: | 25008-00 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager starter ed enterprise | scope: | eq | version: | 08-10-01 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager starter ed enterprise | scope: | eq | version: | 08-10 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager starter ed enterprise | scope: | eq | version: | 08-00-02 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager starter ed enterprise | scope: | eq | version: | 08-00-01 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager starter ed enterprise | scope: | eq | version: | 08-00 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise 06-71-/c | scope: | - | version: | - | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise 06-71-/b | scope: | - | version: | - | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise 06-71-/a | scope: | - | version: | - | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise | scope: | eq | version: | 06-70 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise | scope: | eq | version: | 06-69 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise | scope: | eq | version: | 06-68 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise | scope: | eq | version: | 06-67 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise | scope: | eq | version: | 06-66 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise | scope: | eq | version: | 06-65 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise | scope: | eq | version: | 06-64 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise | scope: | eq | version: | 06-63 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise | scope: | eq | version: | 06-62 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise | scope: | eq | version: | 06-61 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise | scope: | eq | version: | 06-60 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise | scope: | eq | version: | 06-59 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise | scope: | eq | version: | 06-58 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise | scope: | eq | version: | 06-57 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise | scope: | eq | version: | 06-56 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise | scope: | eq | version: | 06-55 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise | scope: | eq | version: | 06-54 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise | scope: | eq | version: | 06-53 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise | scope: | eq | version: | 06-52 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager enterprise | scope: | eq | version: | 06-51 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager 06-71-/d | scope: | eq | version: | 250 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager 06-71-/c | scope: | eq | version: | 250 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager 06-71-/b | scope: | eq | version: | 250 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager 06-71-/a | scope: | eq | version: | 250 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 25006-70 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 25006-69 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 25006-68 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 25006-67 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 25006-66 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 25006-65 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 25006-64 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 25006-63 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 25006-62 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 25006-61 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 25006-60 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 25006-59 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 25006-58 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 25006-57 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 25006-56 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 25006-55 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 25006-54 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 25006-53 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 25006-52 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 25006-51 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 07-10 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 07-09 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 07-08 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 07-07 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 07-06 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 07-05 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 07-04 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 07-03 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 07-02 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 07-01 | Trust: 0.3 |
| vendor: | hitachi | model: | jp1/cm2/network node manager | scope: | eq | version: | 07-00 | Trust: 0.3 |
THREAT TYPE
local
Trust: 0.4
TYPE
Design Error
Trust: 0.3
EXTERNAL IDS
| db: | HITACHI | id: | HS10-002 | Trust: 0.4 |
| db: | BID | id: | 38428 | Trust: 0.3 |
| db: | SECUNIA | id: | 38740 | Trust: 0.2 |
| db: | PACKETSTORM | id: | 86742 | Trust: 0.1 |
REFERENCES
| url: | http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs10-002/index.html | Trust: 0.4 |
| url: | http://www.hitachi.com/index.html | Trust: 0.3 |
| url: | http://secunia.com/advisories/secunia_security_advisories/ | Trust: 0.1 |
| url: | http://secunia.com/advisories/38740/ | Trust: 0.1 |
| url: | http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org | Trust: 0.1 |
| url: | http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/ | Trust: 0.1 |
| url: | http://secunia.com/advisories/about_secunia_advisories/ | Trust: 0.1 |
CREDITS
The vendor reported this issue.
Trust: 0.3
SOURCES
| db: | BID | id: | 38428 |
| db: | PACKETSTORM | id: | 86742 |
LAST UPDATE DATE
2022-05-17T01:51:51.037000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 38428 | date: | 2010-02-26T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 38428 | date: | 2010-02-26T00:00:00 |
| db: | PACKETSTORM | id: | 86742 | date: | 2010-02-26T16:07:26 |