製品・ソフトウェアに関する情報

JVN脆弱性詳細

Novell IDM 用の Fan-Out Driver Platform Services におけるサービス運用妨害 (DoS) の脆弱性

Title	Novell IDM 用の Fan-Out Driver Platform Services におけるサービス運用妨害 (DoS) の脆弱性
Summary	Novell Identity Manager (IDM) 用の Fan-Out Driver Platform Services の Platform Service Process (asampsp) には、サービス運用妨害 (デーモンクラッシュ) 状態となる脆弱性が存在します。
Possible impacts	第三者により、ネットワークトラフィックを介して、無効なフォーマット文字列指定子を含む syslog メッセージを誘発され、サービス運用妨害 (デーモンクラッシュ) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 21, 2007, midnight
Registration Date	Sept. 25, 2012, 4:59 p.m.
Last Update	Sept. 25, 2012, 4:59 p.m.

Affected System

Novell

Identity Manager 3.5.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-6625	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6625
National Vulnerability Database (NVD)
2	CVE-2007-6625	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6625

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-134	https://jvndb.jvn.jp/ja/cwe/CWE-134.html

ベンダー情報

No	Name	URL
Novell
1	5007560	http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5007560.html#

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-6625

Summary	The Platform Service Process (asampsp) in Fan-Out Driver Platform Services for Novell Identity Manager (IDM) 3.5.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified network traffic that triggers a syslog message containing invalid format string specifiers, as demonstrated by a Nessus scan.
Summary	El Platform Service Process (asampsp) de Fan-Out Driver Platform Services para Novell Identity Manager (IDM) 3.5.1 permite a atacantes remotos provocar una denegación de servicio (caída de demonio) mediante tráfico de red no especificado que dispara un mensaje de syslog conteniendo especificadores de formato de cadena inválidos, como se demuestra con un análisis Nessus.
Publication Date	Jan. 4, 2008, 9:46 a.m.
Registration Date	Jan. 29, 2021, 2:25 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:novell:identity_manager:3.5.1:::::::*

Related information, measures and tools

No	URL	refsource
1	http://osvdb.org/40104	cve@mitre.org
2	http://secunia.com/advisories/28237	cve@mitre.org
3	http://securitytracker.com/id?1019144	cve@mitre.org
4	http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5007560.html	cve@mitre.org
5	http://www.securityfocus.com/bid/27028	cve@mitre.org
6	http://www.vupen.com/english/advisories/2007/4311	cve@mitre.org
7	https://exchange.xforce.ibmcloud.com/vulnerabilities/39206	cve@mitre.org
8	http://osvdb.org/40104	af854a3a-2127-422b-91ae-364da2661108
9	http://secunia.com/advisories/28237	af854a3a-2127-422b-91ae-364da2661108
10	http://securitytracker.com/id?1019144	af854a3a-2127-422b-91ae-364da2661108
11	http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5007560.html	af854a3a-2127-422b-91ae-364da2661108
12	http://www.securityfocus.com/bid/27028	af854a3a-2127-422b-91ae-364da2661108
13	http://www.vupen.com/english/advisories/2007/4311	af854a3a-2127-422b-91ae-364da2661108
14	https://exchange.xforce.ibmcloud.com/vulnerabilities/39206	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-134	書式文字列の問題	https://cwe.mitre.org/data/definitions/134.html