Published:2010/05/17  Last Updated:2010/05/17

CapsSuite Small Edition PatchMeister vulnerable to denial of service


CapsSuite Small Edition PatchMeister contains a denial of service (DoS) vulnerability.

Products Affected

Servers or workstations that installed "Client Service for PTM" from the following products are vulnerable.

  • CapsSuite Small Edition PatchMeister Ver2.0 Update2 and earlier


CapsSuite Small Edition PatchMeister is a product that manages the application of security patches. CapsSuite Small Edition PatchMeister contains a denial of service (DoS) vulnerability.


On a server or workstation with "Client Service for PTM" installed, a remote attacker may shut down or restart the operating system.


Update the Software
Update to the latest version according to the information provided by the developer.

Filter traffic using a firewall
Deny access to port 56015 for packets that do not have a source IP of the CapsSuite Small Edition PatchMeister server.

For more information, refer to the developer's website.

Vendor Status

Vendor Status Last Update Vendor Notes
NEC Corporation Vulnerable 2010/05/17


  1. IPA
    Security Alert for Vulnerability in CapsSuite Small Edition PatchMeister

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2010.05.17

Measures Conditions Severity
Access Required Non-routed - must be attacked from a local segment, such as Ethernet, Bluetooth, and 802.11 attacks
  • Medium-High
Authentication None - anonymous or no authentication (IP addresses do not count)
  • High
User Interaction Required None - the vulnerability can be exploited without an honest user taking any action
  • High
Exploit Complexity Low-Medium - some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls)
  • Medium-High

Description of each analysis measures


Other Information

JPCERT Reports
CERT Advisory
CPNI Advisory
CVE CVE-2010-1943
JVN iPedia JVNDB-2010-000020

Update History