LAC Advisory No.102
yoyaku_v41 OS Command Injection Vulnerability
Discovered on: 05 Aug 2009
Released on: 18 Sep 2009
Severity:
High
Overview:
Webservice-DIC's yoyaku_v41 has an OS command injection vulnerability.
Description:
Webservice-DIC's yoyaku_v41 is a software application for managing facility reservations.
yoyaku_v41 has an OS command injection vulnerability. Exploitation of the vulnerability could allow attackers to execute arbitrary OS commands on the server where yoyaku_v41 is installed, with the privileges of the Web server.

Affected Products and Versions:
yoyaku_v41 version 1.10 and earlier
Solution:
Download the fixed version (1.20 or later) of the software released by the developer and update it.
http://www.d-ic.com/free/06/yoyaku_v41.html
Discovered by:
Keigo Yamazaki (LAC)
Thanks to:
This LAC Advisory is released in coordination with the Information-technology Promotion Agency, Japan (IPA) and the Japan Computer Emergency Response Team Coordination Center (JPCERT/CC).
http://jvn.jp/en/jp/JVN05857667/
http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000060.html
Disclaimer:
The information contained in this advisory may be revised without prior notice and is provided as is. Users shall take their own risk when taking any actions following reading this advisory. Little eArth Corporation Co., Ltd. shall not be held responsible for any claims, losses or damages caused by the use of information provided here.
This advisory is available at the following URL:
http://www.lac.co.jp/english/advisory/102_e.html

