Details of VAR-201004-0011

ID

VAR-201004-0011

CVE

CVE-2009-4777

TITLE

GIF File Processing Denial of Service Vulnerability in Multiple JP1 Products

Trust: 0.8

sources: JVNDB: JVNDB-2009-001968

DESCRIPTION

Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service ("abnormal" termination) via vectors related to the display of an "invalid GIF file.". Hitachi JP1 / Cm2 / Hierarchical is a middleware platform software. Hitachi JP1 / Automatic Job Management System 2-View, JP1 / Integrated Management-View, and multiple versions of JP1 / Cm2 / SNMP System Observer have unknown vulnerabilities. Remote attackers can trigger rejection by displaying "Invalid GIF file". Service (& ldquo; Exception & rdquo; Termination). Multiple Hitachi products are prone to a denial-of-service vulnerability caused by an unspecified error. Attackers can exploit this issue to terminate the affected applications, causing a denial-of-service condition. Affected products include the following: JP1/Automatic Job Management System 2 - View JP1/Integrated Management - View JP1/Cm2/SNMP System Observer For the full list of affected products, please see the referenced vendor advisory. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. SOLUTION: Update to a fixed version. Please see the vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-016/index.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.52

sources: NVD: CVE-2009-4777 // JVNDB: JVNDB-2009-001968 // CNVD: CNVD-2010-4810 // BID: 36311 // PACKETSTORM: 81079

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-4810

AFFECTED PRODUCTS

vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	06-51	Trust: 1.6
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	07-10-\/h	Trust: 1.6
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	08-10	Trust: 1.6
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	07-10	Trust: 1.6
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	08-50-08	Trust: 1.6
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	08-10-11	Trust: 1.6
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	08-50	Trust: 1.6
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	06-71	Trust: 1.6
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	06-71-\/q	Trust: 1.6
vendor:	hitachi	model:	jp1\/server system observer	scope:	eq	version:	06-51	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/integrated management-view	scope:	eq	version:	08-01	Trust: 1.0
vendor:	hitachi	model:	jp1\/server system observer	scope:	eq	version:	06-71-\/h	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/snmp system observer	scope:	eq	version:	06-71	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/automatic job management system 2-view	scope:	eq	version:	06-71-\/m	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/automatic job management system 2-view	scope:	eq	version:	06-51	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/automatic job management system 2-view	scope:	eq	version:	08-00	Trust: 1.0
vendor:	hitachi	model:	jp1\/server system observer	scope:	eq	version:	06-51-\/f	Trust: 1.0
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	07-00	Trust: 1.0
vendor:	hitachi	model:	jp1\/integrated manager-view	scope:	eq	version:	07-00	Trust: 1.0
vendor:	hitachi	model:	jp1\/integrated manager-view	scope:	eq	version:	07-51	Trust: 1.0
vendor:	hitachi	model:	jp1 integrated management service support	scope:	eq	version:	08-11-01	Trust: 1.0
vendor:	hitachi	model:	jp1\/cm2\/snmp system observer	scope:	eq	version:	08-00	Trust: 1.0
vendor:	hitachi	model:	jp1\/server system observer	scope:	eq	version:	06-71-03	Trust: 1.0
vendor:	hitachi	model:	jp1\/performance management\/snmp system observer	scope:	eq	version:	07-50-09	Trust: 1.0
vendor:	hitachi	model:	jp1\/cm2\/snmp system observer	scope:	eq	version:	08-00-09	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/automatic job management system 2-view	scope:	eq	version:	07-00	Trust: 1.0
vendor:	hitachi	model:	jp1 integrated management service support	scope:	eq	version:	08-50-01	Trust: 1.0
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	06-00	Trust: 1.0
vendor:	hitachi	model:	jp1\/performance management\/snmp system observer	scope:	eq	version:	07-50	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/snmp system observer	scope:	eq	version:	06-51	Trust: 1.0
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	07-11-15	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/automatic job management system 2-view	scope:	eq	version:	06-71-m1	Trust: 1.0
vendor:	hitachi	model:	jp1\/performance management\/snmp system observer	scope:	eq	version:	07-00-\/e	Trust: 1.0
vendor:	hitachi	model:	jp1\/server system observer	scope:	eq	version:	06-71	Trust: 1.0
vendor:	hitachi	model:	jp1 integrated management service support	scope:	eq	version:	08-10-02	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/automatic job management system 2-view	scope:	eq	version:	06-51-\/n	Trust: 1.0
vendor:	hitachi	model:	jp1 integrated management service support	scope:	eq	version:	08-11	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/automatic job management system 2-view	scope:	eq	version:	06-00	Trust: 1.0
vendor:	hitachi	model:	jp1 integrated management service support	scope:	eq	version:	08-10-01	Trust: 1.0
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	08-01-05	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/automatic job management system 2-view	scope:	eq	version:	08-00-04	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/automatic job management system 2-view	scope:	eq	version:	06-71	Trust: 1.0
vendor:	hitachi	model:	jp1 integrated management service support	scope:	eq	version:	08-11-02	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/integrated manager-console view	scope:	eq	version:	06-71	Trust: 1.0
vendor:	hitachi	model:	jp1\/performance management\/snmp system observer	scope:	eq	version:	07-10	Trust: 1.0
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	08-00-13	Trust: 1.0
vendor:	hitachi	model:	jp1\/integrated manager-console view	scope:	eq	version:	06-00	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/integrated manager-view	scope:	eq	version:	07-00	Trust: 1.0
vendor:	hitachi	model:	jp1\/integrated manager-console view	scope:	eq	version:	06-71	Trust: 1.0
vendor:	hitachi	model:	jp1 integrated management service support	scope:	eq	version:	08-50	Trust: 1.0
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	07-00-g1	Trust: 1.0
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	07-50-17	Trust: 1.0
vendor:	hitachi	model:	jp1 integrated management service support	scope:	eq	version:	08-10-03	Trust: 1.0
vendor:	hitachi	model:	jp1 integrated management service support	scope:	eq	version:	08-11-03	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/automatic job management system 2-view	scope:	eq	version:	08-00-13	Trust: 1.0
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	06-00-\/k	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/automatic job management system 2-view	scope:	eq	version:	06-51-n1	Trust: 1.0
vendor:	hitachi	model:	jp1\/integrated management-view	scope:	eq	version:	08-00	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/automatic job management system 2-view	scope:	eq	version:	07-50-17	Trust: 1.0
vendor:	hitachi	model:	jp1 integrated management service support	scope:	eq	version:	08-50-03	Trust: 1.0
vendor:	hitachi	model:	jp1 integrated management service support	scope:	eq	version:	08-10	Trust: 1.0
vendor:	hitachi	model:	jp1\/performance management\/snmp system observer	scope:	eq	version:	07-00	Trust: 1.0
vendor:	hitachi	model:	jp1 integrated management service support	scope:	eq	version:	08-10-05	Trust: 1.0
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	07-50	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/snmp system observer	scope:	eq	version:	06-51-\/a	Trust: 1.0
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	07-11	Trust: 1.0
vendor:	hitachi	model:	jp1\/integrated management-view	scope:	eq	version:	08-50-06	Trust: 1.0
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	07-10-10	Trust: 1.0
vendor:	hitachi	model:	jp1 integrated management service support	scope:	eq	version:	08-50-02	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/performance management\/snmp system observer	scope:	eq	version:	07-00	Trust: 1.0
vendor:	hitachi	model:	jp1\/performance management\/snmp system observer	scope:	eq	version:	07-10-\/b	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/automatic job management system 2-view	scope:	eq	version:	07-50	Trust: 1.0
vendor:	hitachi	model:	jp1 integrated management service support	scope:	eq	version:	08-10-04	Trust: 1.0
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	08-01	Trust: 1.0
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	06-51-\/p	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/integrated manager-console view	scope:	eq	version:	06-00	Trust: 1.0
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	06-51-\/p1	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/automatic job management system 2-view	scope:	eq	version:	07-00-\/g	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/automatic job management system 2-view	scope:	eq	version:	06-00-\/a	Trust: 1.0
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	07-10-11	Trust: 1.0
vendor:	hitachi	model:	jp1\/automatic job management system 2-view	scope:	eq	version:	08-00	Trust: 1.0
vendor:	hitachi	model:	job management partner 1/automatic job management system 2	scope:	eq	version:	- view	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/integrated management	scope:	eq	version:	- view	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/integrated manager	scope:	eq	version:	- console view	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/integrated manager	scope:	eq	version:	- view	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/performance management/snmp system observer	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/snmp system observer	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/automatic job management system 2	scope:	eq	version:	- view	Trust: 0.8
vendor:	hitachi	model:	jp1/cm2/snmp system observer	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/integrated management	scope:	eq	version:	- view	Trust: 0.8
vendor:	hitachi	model:	jp1/integrated manager	scope:	eq	version:	- console view	Trust: 0.8
vendor:	hitachi	model:	jp1/integrated manager	scope:	eq	version:	- view	Trust: 0.8
vendor:	hitachi	model:	jp1/performance management/snmp system observer	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/server system observer	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/automatic job management system agent	scope:	eq	version:	2-	Trust: 0.6
vendor:	hitachi	model:	jp1/integrated management	scope:	eq	version:	0	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/snmp system observer	scope:	eq	version:	09-00	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/snmp system observer	scope:	eq	version:	0	Trust: 0.3
vendor:	hitachi	model:	jp1/automatic job management system	scope:	eq	version:	20	Trust: 0.3
vendor:	hitachi	model:	product name: jp1/integrated management view	scope:	ne	version:	-09-00	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/snmp system observer	scope:	ne	version:	09-00	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/snmp system observer )	scope:	ne	version:	09-00	Trust: 0.3
vendor:	hitachi	model:	jp1/automatic job management system view	scope:	ne	version:	3-09-00	Trust: 0.3

sources: CNVD: CNVD-2010-4810 // BID: 36311 // JVNDB: JVNDB-2009-001968 // CNNVD: CNNVD-201004-349 // NVD: CVE-2009-4777

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-4777
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2009-001968
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2010-4810
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201004-349
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2009-4777
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2009-001968
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2010-4810
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:M/AU:N/C:C/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2010-4810 // JVNDB: JVNDB-2009-001968 // CNNVD: CNNVD-201004-349 // NVD: CVE-2009-4777

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2009-4777

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201004-349

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201004-349

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001968

PATCH

title:	HS09-016	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-016/index.html	Trust: 0.8
title:	Patch for Hitachi Multiple Products Invalid GIF File Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/37678	Trust: 0.6

sources: CNVD: CNVD-2010-4810 // JVNDB: JVNDB-2009-001968

EXTERNAL IDS

db:	NVD	id:	CVE-2009-4777	Trust: 3.3
db:	BID	id:	36311	Trust: 3.3
db:	SECUNIA	id:	36646	Trust: 2.6
db:	OSVDB	id:	57832	Trust: 2.4
db:	VUPEN	id:	ADV-2009-2576	Trust: 2.4
db:	HITACHI	id:	HS09-016	Trust: 2.0
db:	XF	id:	53115	Trust: 1.4
db:	JVNDB	id:	JVNDB-2009-001968	Trust: 0.8
db:	CNVD	id:	CNVD-2010-4810	Trust: 0.6
db:	CNNVD	id:	CNNVD-201004-349	Trust: 0.6
db:	PACKETSTORM	id:	81079	Trust: 0.1

sources: CNVD: CNVD-2010-4810 // BID: 36311 // JVNDB: JVNDB-2009-001968 // PACKETSTORM: 81079 // CNNVD: CNNVD-201004-349 // NVD: CVE-2009-4777

REFERENCES

url:	http://www.securityfocus.com/bid/36311	Trust: 3.0
url:	http://osvdb.org/57832	Trust: 2.4
url:	http://secunia.com/advisories/36646	Trust: 2.4
url:	http://www.vupen.com/english/advisories/2009/2576	Trust: 2.4
url:	http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs09-016/index.html	Trust: 2.0
url:	http://xforce.iss.net/xforce/xfdb/53115	Trust: 1.4
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/53115	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4777	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4777	Trust: 0.8
url:	http://www.hitachi.com/index.html	Trust: 0.3
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/36646/	Trust: 0.1
url:	http://secunia.com/advisories/business_solutions/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2010-4810 // BID: 36311 // JVNDB: JVNDB-2009-001968 // PACKETSTORM: 81079 // CNNVD: CNNVD-201004-349 // NVD: CVE-2009-4777

CREDITS

Hitachi

Trust: 0.9

sources: BID: 36311 // CNNVD: CNNVD-201004-349

SOURCES

db:	CNVD	id:	CNVD-2010-4810
db:	BID	id:	36311
db:	JVNDB	id:	JVNDB-2009-001968
db:	PACKETSTORM	id:	81079
db:	CNNVD	id:	CNNVD-201004-349
db:	NVD	id:	CVE-2009-4777

LAST UPDATE DATE

2024-08-14T14:58:34.835000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-4810	date:	2010-04-21T00:00:00
db:	BID	id:	36311	date:	2015-04-13T21:06:00
db:	JVNDB	id:	JVNDB-2009-001968	date:	2009-09-14T00:00:00
db:	CNNVD	id:	CNNVD-201004-349	date:	2010-04-21T00:00:00
db:	NVD	id:	CVE-2009-4777	date:	2017-08-17T01:31:45.303

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-4810	date:	2010-04-21T00:00:00
db:	BID	id:	36311	date:	2009-09-09T00:00:00
db:	JVNDB	id:	JVNDB-2009-001968	date:	2009-09-14T00:00:00
db:	PACKETSTORM	id:	81079	date:	2009-09-09T16:35:33
db:	CNNVD	id:	CNNVD-201004-349	date:	2010-04-21T00:00:00
db:	NVD	id:	CVE-2009-4777	date:	2010-04-21T14:30:00.583