Sign-up

ID

VAR-200604-0560


CVE

CVE-2006-2087


TITLE

Gmax Mail client in Hitachi Groupmax Denial of Service Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2006-2773 // CNNVD: CNNVD-200604-556

DESCRIPTION

The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote attackers to cause a denial of service (application hang or erroneous behavior) via an attachment with an MS-DOS device filename. Some email clients contain a vulnerability which may crash themselves as they do not properly handle an attached file with an particular file name.Actual impact could differ depending on the email clients though, email clients may crash when hadling an attached file with a particular file name. Other possible impacts could be an attached file not being saved or hanged up while in the saving process, or an error message being displayed on the application related to the attached file. Groupmax Integrated Desktop is prone to a denial-of-service vulnerability. TITLE: Groupmax Mail Client Attachment Filename Handling Weakness SECUNIA ADVISORY ID: SA19840 VERIFY ADVISORY: http://secunia.com/advisories/19840/ CRITICAL: Not critical IMPACT: DoS WHERE: >From remote SOFTWARE: Groupmax World Wide Web Desktop 5.x http://secunia.com/product/4333/ Groupmax World Wide Web 3.x http://secunia.com/product/4332/ Groupmax World Wide Web 2.x http://secunia.com/product/4331/ Groupmax Mail 7.x http://secunia.com/product/6160/ Groupmax Mail 6.x http://secunia.com/product/6159/ Groupmax Integrated Desktop Version 7.x http://secunia.com/product/9565/ Groupmax Integrated Desktop Version 6.x http://secunia.com/product/9564/ Groupmax Integrated Desktop Version 5.x http://secunia.com/product/9563/ Groupmax Integrated Desktop Version 3.x http://secunia.com/product/9562/ Groupmax Integrated Desktop Version 2.x http://secunia.com/product/9561/ Groupmax World Wide Web Desktop 6.x http://secunia.com/product/4334/ Groupmax World Wide Web Desktop for Jichitai 6.x http://secunia.com/product/4335/ DESCRIPTION: A weakness has been reported in Groupmax Mail Client, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The weakness is caused due to an error within the handling of email attachments. The weakness has been reported in the following products: * Groupmax Integrated Desktop version 3, 5, 6, 7. * Mail Client version 02-00 through 02-31-/E. * GroupMail/Client(DOS/V) version 01-21-/C through 01-21-/D. * GroupMail/Client version 01-01 through 01-21-/G. * Groupmax World Wide Web Desktop Version 2, 3, 5, 6. SOLUTION: Apply patches (see patch matrix in the vendor advisory). PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS06-006_e/index-e.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.52

sources: NVD: CVE-2006-2087 // JVNDB: JVNDB-2006-000602 // CNVD: CNVD-2006-2773 // BID: 87657 // PACKETSTORM: 45729

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-2773

AFFECTED PRODUCTS

vendor:hitachimodel:groupmax world wide web desktopscope:eqversion:*

Trust: 1.0

vendor:hitachimodel:groupmax integrated desktopscope:eqversion:*

Trust: 1.0

vendor:hitachimodel:groupmax mailscope:eqversion:*

Trust: 1.0

vendor:hitachimodel:groupmax world wide webscope:eqversion:*

Trust: 1.0

vendor:hitachimodel:groupmail/clientscope:eqversion:(dosv) 01-21-/c - 01-21-/d

Trust: 0.8

vendor:hitachimodel:groupmail/clientscope:eqversion:01-01 - 01-21-/g

Trust: 0.8

vendor:hitachimodel:groupmax integrated desktopscope:eqversion:version 2.0 02-10 - 02-31-/s

Trust: 0.8

vendor:hitachimodel:groupmax integrated desktopscope:eqversion:version 3 03-00 - 03-10-/p

Trust: 0.8

vendor:hitachimodel:groupmax integrated desktopscope:eqversion:version 5 05-00 - 05-11-/h

Trust: 0.8

vendor:hitachimodel:groupmax integrated desktopscope:eqversion:version 6 06-00 - 06-52-/c

Trust: 0.8

vendor:hitachimodel:groupmax integrated desktopscope:eqversion:version 7 07-00 - 07-20-/c

Trust: 0.8

vendor:hitachimodel:groupmax world wide web desktopscope:eqversion:for jichitai 06-51 - 06-52-/a

Trust: 0.8

vendor:hitachimodel:groupmax world wide web desktopscope:eqversion:version 2.0

Trust: 0.8

vendor:hitachimodel:groupmax world wide web desktopscope:eqversion:version 3

Trust: 0.8

vendor:hitachimodel:groupmax world wide web desktopscope:eqversion:version 5

Trust: 0.8

vendor:hitachimodel:groupmax world wide web desktopscope:eqversion:version 6 02-00 - 02-31-/i

Trust: 0.8

vendor:hitachimodel:mail clientscope:eqversion:02-00 - 02-31-/e

Trust: 0.8

vendor:nonemodel: - scope: - version: -

Trust: 0.6

vendor:hitachimodel:groupmax integrated desktopscope: - version: -

Trust: 0.6

vendor:hitachimodel:groupmax mailscope: - version: -

Trust: 0.6

vendor:hitachimodel:groupmax world wide webscope: - version: -

Trust: 0.6

vendor:hitachimodel:groupmax world wide web desktopscope: - version: -

Trust: 0.6

vendor:hitachimodel:groupmax world wide web desktopscope:eqversion:0

Trust: 0.3

vendor:hitachimodel:groupmax world wide webscope:eqversion:0

Trust: 0.3

vendor:hitachimodel:groupmax mailscope:eqversion:0

Trust: 0.3

vendor:hitachimodel:groupmax integrated desktopscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2006-2773 // BID: 87657 // JVNDB: JVNDB-2006-000602 // CNNVD: CNNVD-200604-556 // NVD: CVE-2006-2087

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-2087
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2006-000602
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2006-2773
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-200604-556
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2006-2087
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2006-000602
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2006-2773
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2006-2773 // JVNDB: JVNDB-2006-000602 // CNNVD: CNNVD-200604-556 // NVD: CVE-2006-2087

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-2087

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200604-556

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200604-556

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2006-000602

PATCH
title:HS06-006url:http://www.hitachi-support.com/security_e/vuls_e/HS06-006_e/01-e.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2006-000602

EXTERNAL IDS
db:NVDid:CVE-2006-2087
Trust: 3.3
db:SECUNIAid:19840
Trust: 3.2
db:OSVDBid:24969
Trust: 2.4
db:HITACHIid:HS06-006
Trust: 2.0
db:XFid:26099
Trust: 1.7
db:VUPENid:ADV-2006-1539
Trust: 1.6
db:JVNid:JVN89344424
Trust: 0.8
db:JVNDBid:JVNDB-2006-000602
Trust: 0.8
db:CNVDid:CNVD-2006-2773
Trust: 0.6
db:JVNid:JVN#89344424
Trust: 0.6
db:CNNVDid:CNNVD-200604-556
Trust: 0.6
db:BIDid:87657
Trust: 0.3
db:PACKETSTORMid:45729
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2006-2773 // 
            
            
            
            BID: 87657 // 
            
            
            
            JVNDB: JVNDB-2006-000602 // 
            
            
            
            PACKETSTORM: 45729 // 
            
            
            
            CNNVD: CNNVD-200604-556 // 
            
            
            
            NVD: CVE-2006-2087

REFERENCES
url:http://secunia.com/advisories/19840
Trust: 3.0
url:http://www.osvdb.org/24969
Trust: 2.4
url:http://www.hitachi-support.com/security_e/vuls_e/hs06-006_e/index-e.html
Trust: 2.0
url:http://jvn.jp/jp/jvn%2389344424/index.html
Trust: 1.9
url:http://www.hitachi-support.com/security_e/vuls_e/hs06-006_e/01-e.html
Trust: 1.9
url:http://xforce.iss.net/xforce/xfdb/26099
Trust: 1.7
url:http://www.frsirt.com/english/advisories/2006/1539
Trust: 1.4
url:http://www.vupen.com/english/advisories/2006/1539
Trust: 1.0
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/26099
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2087
Trust: 0.8
url:http://jvn.jp/en/jp/jvn89344424/index.html
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-2087
Trust: 0.8
url:http://secunia.com/product/9561/
Trust: 0.1
url:http://secunia.com/advisories/19840/
Trust: 0.1
url:http://secunia.com/product/4333/
Trust: 0.1
url:http://secunia.com/product/9564/
Trust: 0.1
url:http://secunia.com/product/4335/
Trust: 0.1
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/product/9565/
Trust: 0.1
url:http://secunia.com/product/4334/
Trust: 0.1
url:http://secunia.com/product/9563/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/product/4331/
Trust: 0.1
url:http://secunia.com/product/6160/
Trust: 0.1
url:http://secunia.com/product/6159/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
url:http://secunia.com/product/9562/
Trust: 0.1
url:http://secunia.com/product/4332/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2006-2773 // 
            
            
            
            BID: 87657 // 
            
            
            
            JVNDB: JVNDB-2006-000602 // 
            
            
            
            PACKETSTORM: 45729 // 
            
            
            
            CNNVD: CNNVD-200604-556 // 
            
            
            
            NVD: CVE-2006-2087

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 87657

SOURCES
db:CNVDid:CNVD-2006-2773
db:BIDid:87657
db:JVNDBid:JVNDB-2006-000602
db:PACKETSTORMid:45729
db:CNNVDid:CNNVD-200604-556
db:NVDid:CVE-2006-2087

LAST UPDATE DATE
2024-08-14T15:09:43.938000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2006-2773date:2006-04-29T00:00:00
db:BIDid:87657date:2006-04-29T00:00:00
db:JVNDBid:JVNDB-2006-000602date:2008-05-21T00:00:00
db:CNNVDid:CNNVD-200604-556date:2006-04-30T00:00:00
db:NVDid:CVE-2006-2087date:2017-07-20T01:31:10.333

SOURCES RELEASE DATE
db:CNVDid:CNVD-2006-2773date:2006-04-29T00:00:00
db:BIDid:87657date:2006-04-29T00:00:00
db:JVNDBid:JVNDB-2006-000602date:2008-05-21T00:00:00
db:PACKETSTORMid:45729date:2006-04-27T21:57:26
db:CNNVDid:CNNVD-200604-556date:2006-04-29T00:00:00
db:NVDid:CVE-2006-2087date:2006-04-29T10:02:00