JVN#82749282
CapsSuite Small Edition PatchMeister vulnerable to denial of service
Overview
CapsSuite Small Edition PatchMeister contains a denial of service (DoS) vulnerability.
Products Affected
Servers or workstations on which "Client Service for PTM" from the following product is installed are vulnerable.
- CapsSuite Small Edition PatchMeister Ver2.0 Update2 and earlier
Description
CapsSuite Small Edition PatchMeister is a product that manages the application of security patches. CapsSuite Small Edition PatchMeister contains a denial of service (DoS) vulnerability.
Impact
On a server or workstation with "Client Service for PTM" installed, a remote attacker may shut down or restart the operating system.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
Filter traffic using a firewall
Deny access to port 56015 for packets that do not have a source IP of the CapsSuite Small Edition PatchMeister server.
For more information, refer to the developer's website.
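One way to apply the port 56015 filter above on a client, as an added example that is not from the advisory or the developer. It assumes a Windows host with the built-in firewall and the NetSecurity cmdlets, uses a placeholder server address, and covers both TCP and UDP because the advisory does not name the transport.

```powershell
# Added example. Assumptions: Windows host with the NetSecurity module
# (New-NetFirewallRule), placeholder server address, and both TCP and UDP
# covered because the advisory does not name the transport on port 56015.
$PtmServer = '192.0.2.10'   # placeholder: the PatchMeister server's IPv4 address
$Port      = 56015

function ConvertTo-UInt32([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)            # network order -> little-endian host order
    [BitConverter]::ToUInt32($bytes, 0)
}

function ConvertTo-DottedQuad([uint32]$Value) {
    $bytes = [BitConverter]::GetBytes($Value)
    [Array]::Reverse($bytes)            # back to network order
    $bytes -join '.'
}

# In Windows Firewall an explicit block rule wins over an allow rule, so
# "block everything, then allow the server" would also block the server.
# Block the two IPv4 ranges on either side of the server address instead.
$n = ConvertTo-UInt32 $PtmServer
$others = @(
    "0.0.0.0-$(ConvertTo-DottedQuad ($n - 1))",
    "$(ConvertTo-DottedQuad ($n + 1))-255.255.255.255"
)

foreach ($proto in 'TCP', 'UDP') {
    New-NetFirewallRule -DisplayName "PTM client $Port $proto block non-server" `
        -Direction Inbound -Action Block -Protocol $proto -LocalPort $Port `
        -RemoteAddress $others | Out-Null
    New-NetFirewallRule -DisplayName "PTM client $Port $proto allow server" `
        -Direction Inbound -Action Allow -Protocol $proto -LocalPort $Port `
        -RemoteAddress $PtmServer | Out-Null
}

# Review the result: each block rule should list the two ranges, each allow
# rule only the server address.
Get-NetFirewallRule -DisplayName "PTM client $Port *" |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{ Rule = $_.DisplayName; Action = $_.Action
                           Remote = $addr.RemoteAddress -join ', ' }
    }
```

The block rules cover IPv4 only; IPv6 traffic to the port is left to the profile's default inbound action, so confirm that default is Block.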
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2010.05.17
| Measures | Conditions | Severity |
|---|---|---|
| Access Required | Non-routed - must be attacked from a local segment, such as Ethernet, Bluetooth, and 802.11 attacks | |
| Authentication | None - anonymous or no authentication (IP addresses do not count) | |
| User Interaction Required | None - the vulnerability can be exploited without an honest user taking any action | |
| Exploit Complexity | Low-Medium - some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls) | |
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | CVE-2010-1943 |
| JVN iPedia | JVNDB-2010-000020 |