ID

VAR-200707-0286


CVE

CVE-2007-3794


TITLE

Multiple Hitachi Products GIF Image Buffer Overflow Vulnerability

Trust: 0.9

sources: BID: 24905 // CNNVD: CNNVD-200707-260

DESCRIPTION

Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by a Java application.

Multiple Hitachi products are prone to a buffer-overflow vulnerability because the applications fail to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Given the nature of this issue, successful exploits may lead to remote code execution, but this has not been confirmed.

The vulnerability is caused by a boundary error within the handling of GIF files and can be exploited to cause a buffer overflow. No further information is currently available. Please see the vendor advisory for affected products and versions.

SOLUTION: Update to the latest versions (please see the vendor advisory for details).

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS07-018_e/index-e.html

Trust: 1.98

sources: NVD: CVE-2007-3794 // JVNDB: JVNDB-2007-000701 // BID: 24905 // PACKETSTORM: 57727

AFFECTED PRODUCTS

vendor: hitachi | model: cosminexus studio | scope: eq | version: 05_05_05_05_o

Trust: 1.0

vendor: hitachi | model: ucosminexus application server | scope: eq | version: 06_71_06_71_b

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: 05_05_05_05_l

Trust: 1.0

vendor: hitachi | model: cosminexus developer | scope: eq | version: 06_51_06_51_g

Trust: 1.0

vendor: hitachi | model: cosminexus developer | scope: eq | version: 06_00_06_00_g

Trust: 1.0

vendor: hitachi | model: ucosminexus application server | scope: eq | version: 06_70_06_70_d

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: 06_00_06_00_d

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: 05_02_05_02_e

Trust: 1.0

vendor: hitachi | model: cosminexus server | scope: eq | version: 04_01_04_01_a

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: 06_02_06_02_f

Trust: 1.0

vendor: hitachi | model: ucosminexus application server | scope: eq | version: 07_10

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: 06_00_06_00_e

Trust: 1.0

vendor: hitachi | model: cosminexus client | scope: eq | version: 06_50_06_50_e

Trust: 1.0

vendor: hitachi | model: cosminexus developer | scope: eq | version: 06_02_06_02_f

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: 05_05_05_00_o

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: 06_50_06_50_d

Trust: 1.0

vendor: hitachi | model: ucosminexus service platform | scope: eq | version: 07_10

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: 05_01_05_01_k

Trust: 1.0

vendor: hitachi | model: cosminexus developer | scope: eq | version: 05_05_05_05_o

Trust: 1.0

vendor: hitachi | model: ucosminexus client | scope: eq | version: 07_00_07_20

Trust: 1.0

vendor: hitachi | model: cosminexus developer | scope: eq | version: 05_01_05_01_k

Trust: 1.0

vendor: hitachi | model: ucosminexus operator | scope: eq | version: 07_00_07_20

Trust: 1.0

vendor: hitachi | model: ucosminexus application server | scope: eq | version: 06_70_06_70_c

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: 05_00_05_00_r

Trust: 1.0

vendor: hitachi | model: cosminexus studio | scope: eq | version: 04_01_04_01_a

Trust: 1.0

vendor: hitachi | model: ucosminexus client | scope: eq | version: 06_70_06_70_b

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: 06_50_06_50_c

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: 06_50_06_50_b

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: 06_50_06_50_e

Trust: 1.0

vendor: hitachi | model: cosminexus server | scope: eq | version: 04_00_04_00_a

Trust: 1.0

vendor: hitachi | model: cosminexus client | scope: eq | version: 06_51_06_51_g

Trust: 1.0

vendor: hitachi | model: cosminexus client | scope: eq | version: 06_00_06_00_g

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: 06_00_06_00_b

Trust: 1.0

vendor: hitachi | model: cosminexus developer | scope: eq | version: 06_50_06_50_e

Trust: 1.0

vendor: hitachi | model: ucosminexus application server | scope: eq | version: 07_00_07_20

Trust: 1.0

vendor: hitachi | model: ucosminexus developer | scope: eq | version: 06_70_06_70_b

Trust: 1.0

vendor: hitachi | model: ucosminexus client | scope: eq | version: 06_71_06_71_b

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: 06_51_06_51_b

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: 06_00_06_00_a

Trust: 1.0

vendor: hitachi | model: cosminexus client | scope: eq | version: 06_02_06_02_f

Trust: 1.0

vendor: hitachi | model: ucosminexus application server | scope: eq | version: 06_70_06_70_a

Trust: 1.0

vendor: hitachi | model: ucosminexus service platform | scope: eq | version: 07_00_07_20

Trust: 1.0

vendor: hitachi | model: ucosminexus application server | scope: eq | version: 06_70_06_70_b

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: 05_05_05_05_h

Trust: 1.0

vendor: hitachi | model: ucosminexus application server | scope: eq | version: 06_70_06_70_h

Trust: 1.0

vendor: hitachi | model: ucosminexus application server | scope: eq | version: 07_00

Trust: 1.0

vendor: hitachi | model: ucosminexus application server | scope: eq | version: 06_70_06_72

Trust: 1.0

vendor: hitachi | model: ucosminexus application server | scope: eq | version: 07_00_07_10

Trust: 1.0

vendor: hitachi | model: ucosminexus developer | scope: eq | version: 06_71_06_71_b

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: 05_00_05_00_h

Trust: 1.0

vendor: hitachi | model: ucosminexus service architect | scope: eq | version: 07_00_07_20

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: 06_51_06_51_c

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: 06_51_06_51_g

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: 06_00_06_00_g

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: 06_50_06_50_f

Trust: 1.0

vendor: hitachi | model: cosminexus studio | scope: eq | version: 04_00_04_00_a

Trust: 1.0

vendor: hitachi | model: ucosminexus service platform | scope: eq | version: 07_00_07_10

Trust: 1.0

vendor: hitachi | model: cosminexus developer | scope: eq | version: 05_00_05_00_h

Trust: 1.0

vendor: hitachi | model: cosminexus application server | scope: eq | version: enterprise version 6

Trust: 0.8

vendor: hitachi | model: cosminexus application server | scope: eq | version: standard version 6

Trust: 0.8

vendor: hitachi | model: cosminexus application server | scope: eq | version: version 5

Trust: 0.8

vendor: hitachi | model: cosminexus client | scope: eq | version: version 6

Trust: 0.8

vendor: hitachi | model: cosminexus collaboration | scope: eq | version: server

Trust: 0.8

vendor: hitachi | model: cosminexus developer | scope: eq | version: light version 6

Trust: 0.8

vendor: hitachi | model: cosminexus developer | scope: eq | version: professional version 6

Trust: 0.8

vendor: hitachi | model: cosminexus developer | scope: eq | version: standard version 6

Trust: 0.8

vendor: hitachi | model: cosminexus developer | scope: eq | version: version 5

Trust: 0.8

vendor: hitachi | model: cosminexus developer's kit for java | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: cosminexus erp integrator | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: cosminexus server | scope: eq | version: standard edition version 4

Trust: 0.8

vendor: hitachi | model: cosminexus server | scope: eq | version: web edition version 4

Trust: 0.8

vendor: hitachi | model: cosminexus studio | scope: eq | version: standard edition version 4

Trust: 0.8

vendor: hitachi | model: cosminexus studio | scope: eq | version: version 5

Trust: 0.8

vendor: hitachi | model: cosminexus studio | scope: eq | version: web edition version 4

Trust: 0.8

vendor: hitachi | model: cosminexus/opentp1 | scope: eq | version: web front-end set

Trust: 0.8

vendor: hitachi | model: electronic form workflow | scope: eq | version: developer client set

Trust: 0.8

vendor: hitachi | model: electronic form workflow | scope: eq | version: professional library set

Trust: 0.8

vendor: hitachi | model: electronic form workflow | scope: eq | version: standard set

Trust: 0.8

vendor: hitachi | model: groupmax collaboration | scope: eq | version: server

Trust: 0.8

vendor: hitachi | model: developer's kit for java | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: processing kit for xml | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: ucosminexus application server | scope: eq | version: enterprise

Trust: 0.8

vendor: hitachi | model: ucosminexus application server | scope: eq | version: standard

Trust: 0.8

vendor: hitachi | model: ucosminexus client | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: ucosminexus collaboration | scope: eq | version: server

Trust: 0.8

vendor: hitachi | model: ucosminexus developer | scope: eq | version: light

Trust: 0.8

vendor: hitachi | model: ucosminexus developer | scope: eq | version: professional

Trust: 0.8

vendor: hitachi | model: ucosminexus developer | scope: eq | version: standard

Trust: 0.8

vendor: hitachi | model: ucosminexus erp integrator | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: ucosminexus operator | scope: - | version: -

Trust: 0.8

vendor: hitachi | model: ucosminexus service | scope: eq | version: architect

Trust: 0.8

vendor: hitachi | model: ucosminexus service | scope: eq | version: platform

Trust: 0.8

vendor: hitachi | model: ucosminexus/opentp1 | scope: eq | version: web front-end set

Trust: 0.8

vendor: microsoft | model: windows | scope: - | version: -

Trust: 0.6

vendor: ibm | model: xl c/c++ enterprise edition for aix | scope: eq | version: v80

Trust: 0.3

vendor: ibm | model: xl c/c++ enterprise edition for aix | scope: eq | version: v70

Trust: 0.3

vendor: hitachi | model: ucosminexus/opentp1 web front-end set | scope: eq | version: 0

Trust: 0.3

vendor: hitachi | model: ucosminexus service platform | scope: eq | version: 0

Trust: 0.3

vendor: hitachi | model: ucosminexus service architect | scope: eq | version: 0

Trust: 0.3

vendor: hitachi | model: ucosminexus operator | scope: eq | version: 0

Trust: 0.3

vendor: hitachi | model: ucosminexus erp integrator | scope: eq | version: 0

Trust: 0.3

vendor: hitachi | model: ucosminexus developer standard | scope: eq | version: 0

Trust: 0.3

vendor: hitachi | model: ucosminexus developer professional | scope: eq | version: 0

Trust: 0.3

vendor: hitachi | model: ucosminexus developer light | scope: eq | version: 0

Trust: 0.3

vendor: hitachi | model: ucosminexus collaboration server | scope: eq | version: 0

Trust: 0.3

vendor: hitachi | model: ucosminexus client | scope: eq | version: 0

Trust: 0.3

vendor: hitachi | model: ucosminexus application server standard | scope: eq | version: 0

Trust: 0.3

vendor: hitachi | model: ucosminexus application server enterprise | scope: eq | version: 0

Trust: 0.3

vendor: hitachi | model: processing kit for xml | scope: eq | version: 0

Trust: 0.3

vendor: hitachi | model: groupmax collaboration server | scope: eq | version: 0

Trust: 0.3

vendor: hitachi | model: electronic form workflow standard set | scope: eq | version: 0

Trust: 0.3

vendor: hitachi | model: electronic form workflow professional library set | scope: eq | version: 0

Trust: 0.3

vendor: hitachi | model: electronic form workflow developer client set | scope: eq | version: 0

Trust: 0.3

vendor: hitachi | model: developer's kit for java | scope: eq | version: 0

Trust: 0.3

vendor: hitachi | model: cosminexus/opentp1 web front-end set | scope: eq | version: 0

Trust: 0.3

vendor: hitachi | model: cosminexus studio web edition | scope: eq | version: 4

Trust: 0.3

vendor: hitachi | model: cosminexus studio standard edition | scope: eq | version: 4

Trust: 0.3

vendor: hitachi | model: cosminexus studio | scope: eq | version: 5

Trust: 0.3

vendor: hitachi | model: cosminexus server web edition | scope: eq | version: 4

Trust: 0.3

vendor: hitachi | model: cosminexus server standard edition | scope: eq | version: 4

Trust: 0.3

vendor: hitachi | model: cosminexus erp integrator | scope: eq | version: 0

Trust: 0.3

vendor: hitachi | model: cosminexus developer standard | scope: eq | version: 6

Trust: 0.3

vendor: hitachi | model: cosminexus developer professional | scope: eq | version: 6

Trust: 0.3

vendor: hitachi | model: cosminexus developer light | scope: eq | version: 6

Trust: 0.3

vendor: hitachi | model: cosminexus developer | scope: eq | version: 5

Trust: 0.3

vendor: hitachi | model: cosminexus collaboration server | scope: eq | version: 0

Trust: 0.3

vendor: hitachi | model: cosminexus client | scope: eq | version: 6

Trust: 0.3

vendor: hitachi | model: cosminexus application server standard | scope: eq | version: 6

Trust: 0.3

vendor: hitachi | model: cosminexus application server enterprise | scope: eq | version: 6

Trust: 0.3

vendor: hitachi | model: cosminexus application server | scope: eq | version: 5

Trust: 0.3

sources: BID: 24905 // JVNDB: JVNDB-2007-000701 // CNNVD: CNNVD-200707-260 // NVD: CVE-2007-3794

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3794
value: HIGH

Trust: 1.0

IPA: JVNDB-2007-000701
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200707-260
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2007-3794
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2007-000701
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: JVNDB: JVNDB-2007-000701 // CNNVD: CNNVD-200707-260 // NVD: CVE-2007-3794

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3794

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-260

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200707-260

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-000701

PATCH

title: HS07-018 | url: http://www.hitachi-support.com/security_e/vuls_e/HS07-018_e/index-e.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-000701

EXTERNAL IDS

db: NVD | id: CVE-2007-3794

Trust: 2.7

db: BID | id: 24905

Trust: 2.7

db: SECUNIA | id: 26025

Trust: 2.6

db: HITACHI | id: HS07-018

Trust: 2.0

db: VUPEN | id: ADV-2007-2534

Trust: 1.6

db: OSVDB | id: 37851

Trust: 1.6

db: USCERT | id: SA07-022A

Trust: 0.8

db: USCERT | id: TA07-022A

Trust: 0.8

db: XF | id: 36022

Trust: 0.8

db: JVNDB | id: JVNDB-2007-000701

Trust: 0.8

db: CNNVD | id: CNNVD-200707-260

Trust: 0.6

db: PACKETSTORM | id: 57727

Trust: 0.1

sources: BID: 24905 // JVNDB: JVNDB-2007-000701 // PACKETSTORM: 57727 // CNNVD: CNNVD-200707-260 // NVD: CVE-2007-3794

REFERENCES

url:http://secunia.com/advisories/26025

Trust: 2.4

url:http://www.securityfocus.com/bid/24905

Trust: 2.4

url:http://www.hitachi-support.com/security_e/vuls_e/hs07-018_e/index-e.html

Trust: 2.0

url:http://osvdb.org/37851

Trust: 1.6

url:http://www.frsirt.com/english/advisories/2007/2534

Trust: 1.4

url:http://www.vupen.com/english/advisories/2007/2534

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3794

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/36022

Trust: 0.8

url:http://jvn.jp/cert/jvnta07-022a/index.html

Trust: 0.8

url:http://jvn.jp/tr/trta07-022a/index.html

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-3794

Trust: 0.8

url:http://www.us-cert.gov/cas/alerts/sa07-022a.html

Trust: 0.8

url:http://www.us-cert.gov/cas/techalerts/ta07-022a.html

Trust: 0.8

url:http://www.hds.com/products/storage-software/hitachi-device-manager.html

Trust: 0.3

url:http://secunia.com/advisories/26025/

Trust: 0.1

url:http://secunia.com/product/13823/

Trust: 0.1

url:http://secunia.com/product/4393/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/14787/

Trust: 0.1

url:http://secunia.com/network_software_inspector/

Trust: 0.1

url:http://secunia.com/product/14786/

Trust: 0.1

url:http://secunia.com/product/5795/

Trust: 0.1

url:http://secunia.com/product/13820/

Trust: 0.1

url:http://secunia.com/product/13821/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/product/5794/

Trust: 0.1

url:http://secunia.com/product/13819/

Trust: 0.1

sources: BID: 24905 // JVNDB: JVNDB-2007-000701 // PACKETSTORM: 57727 // CNNVD: CNNVD-200707-260 // NVD: CVE-2007-3794

CREDITS

The vendor disclosed this issue.

Trust: 0.9

sources: BID: 24905 // CNNVD: CNNVD-200707-260

SOURCES

db: BID | id: 24905
db: JVNDB | id: JVNDB-2007-000701
db: PACKETSTORM | id: 57727
db: CNNVD | id: CNNVD-200707-260
db: NVD | id: CVE-2007-3794

LAST UPDATE DATE

2024-08-14T12:44:11.867000+00:00


SOURCES UPDATE DATE

db: BID | id: 24905 | date: 2015-05-07T17:37:00
db: JVNDB | id: JVNDB-2007-000701 | date: 2008-05-21T00:00:00
db: CNNVD | id: CNNVD-200707-260 | date: 2007-07-18T00:00:00
db: NVD | id: CVE-2007-3794 | date: 2011-03-08T02:57:07.533

SOURCES RELEASE DATE

db: BID | id: 24905 | date: 2007-07-13T00:00:00
db: JVNDB | id: JVNDB-2007-000701 | date: 2008-05-21T00:00:00
db: PACKETSTORM | id: 57727 | date: 2007-07-13T21:43:57
db: CNNVD | id: CNNVD-200707-260 | date: 2007-07-15T00:00:00
db: NVD | id: CVE-2007-3794 | date: 2007-07-15T23:30:00