ESB-2018.1034 - [Win] Hitatchi JP1/ServerConductor/Deployment Manager and Hitachi Compute Systems Manager: Denial of service - Remote/unauthenticated 2018-04-05

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1034
        DoS Vulnerability in JP1/ServerConductor/Deployment Manager
                    and Hitachi Compute Systems Manager
                               5 April 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Hitatchi JP1/ServerConductor/Deployment Manager
                   Hitachi Compute Systems Manager
Publisher:         Hitatchi
Operating System:  Windows
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade

Original Bulletin: 
   http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-110/index.html

- --------------------------BEGIN INCLUDED TEXT--------------------

DoS Vulnerability in JP1/ServerConductor/Deployment Manager and Hitachi
Compute Systems Manager

  o Security Information ID
  o Vulnerability description
  o Affected products
  o Fixed products
  o Revision history

Update: April 3, 2018

A DoS Vulnerability was found in JP1/ServerConductor/Deployment Manager and
Hitachi Compute Systems Manager (Deployment Manager Plug-in).

Security Information ID

hitachi-sec-2018-110

Vulnerability description

A DoS Vulnerability was found in JP1/ServerConductor/Deployment Manager and
Hitachi Compute Systems Manager (Deployment Manager Plug-in).

Affected products and versions are listed below. Please upgrade your version
to the appropriate version.

Affected products

The information is organized under the following headings:

(Example)
Product name: Gives the name of the affected product.

Version:

Platform
    Gives the affected version.

Product name: JP1/ServerConductor/Deployment Manager

Version(s):

Windows
    09-10 to 09-70

Product name: JP1/ServerConductor/Deployment Manager Enterprise Edition (*1)

Version(s):

Windows
    07-52 to 09-53
Windows(English version)
    08-06 to 09-01

Product name: JP1/ServerConductor/Deployment Manager Standard Edition (*1)

Version(s):

Windows
    07-50 to 09-03-/C
Windows(English version)
    08-06 to 09-01

Product name: ServerConductor/Deployment Manager Enterprise Edition (*1)

Version(s):

Windows(English version)
    07-51 to 07-61

Product name: ServerConductor/Deployment Manager Standard Edition (*1)

Version(s):

Windows(English version)
    07-51 to 07-61

Product name: ServerConductor/Deployment Manager (*1)

Version(s):

Windows
    01-00 to 06-00-/A

Product name: Hitachi Compute Systems Manager

Version(s):

Windows
    7.4.1-02 to 8.5.3-00
Windows(English version)
    7.4.1-01 to 8.5.3-00

*1
    Please upgrade to a later product version.

Fixed products

The information is organized under the following headings:

(Example)
Product name: Gives the name of the fixed product.

Version:

Platform
    Gives the fixed version, and release date.

Scheduled version:

Platform
    Gives the fixed version scheduled to be released.

Product name: JP1/ServerConductor/Deployment Manager

Version(s):

Windows
    09-71 January 19, 2018

Product name: Hitachi Compute Systems Manager

Version(s):

Windows(Japanese version)
    8.5.3-03 January 9, 2018

Scheduled version(s):

Windows(English version)
    8.6.0-00

For details on the fixed products, contact your Hitachi support service
representative.

Revision history

April 3, 2018
    This page is released.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWsWuHYx+lLeg9Ub1AQjxZA/+OqYCWAqk6Zq9d2wFEPgMV4YYusAaCeKs
dcMMpUJSycZlL9TSOhP+4oi6Soo2HvlnImRxcI3u0PUgLLOjyYrUEtEIvqqTXAb4
32FS8fVu0nSq37p9daXG3cd2l74v8blwL/UJLuKp5noTQdpch42nhdSpJhV/88So
5bWLKIv4HEScYtBvs0lwBvkxyeKEvAanznetJOb+AQ2vIzzDgH/wobk8pAAAYa0T
zGHjlVt5Rolq3TgdBIuhMwJ5NBRFGFocRKG1Jxn4M4uwFi6ZQ68McSlalI8ApYKm
nvPd1FhzxHe9zsj/m6AVOtpTFSU/7WIj+GV/tZT4LDrxbpwP2jSKmDjvsW1nVg7v
Gj8ldsOVUnloSoHi1yxpp/IqtCWklnT218iCWFeZftBQomqsTqnW1CNRflw4Z6j4
9HFeNOxXcZ1+VRWQOpDjJFVwoXWDxnFl3Bdh4o2HnsGUnhRBUx1nyJ13fLFD3BZ1
qdjroxBqUe2k9lSE9G1SxygBfKVZolw8s26ISaIBIyMA77YDlqBRZWjru1LYrzqi
3DiPg6Qel+sy8M1GaI646lYVC3MGrOcGf24n4Jr/xZnApUoIqDLpJeOGp2iIU2cT
rmQtZZ+Dpdcku8SI5phJuoJByhGk51r7ft3ICd2VeUjSiCtcGzEn4vkaPoW4kgK+
PeT2W6PutMU=
=PhqO
-----END PGP SIGNATURE-----

« Back to bulletins