製品・ソフトウェアに関する情報

JVN脆弱性詳細

Consona Dynamic Agent などの tgsrv.exe における任意のコードを実行される脆弱性

Title	Consona Dynamic Agent などの tgsrv.exe における任意のコードを実行される脆弱性
Summary	Consona Dynamic Agent、Repair Manager、Subscriber Activation および Subscriber Agent の Repair Service の tgsrv.exe は、\\.\pipe\__RepairService_pipe__company named pipe への入力検証に予測可能な timestamp フィールドに依存するため、任意のコードを実行される脆弱性が存在します。
Possible impacts	リモート認証されたユーザにより、(1) TCPIP.SYS または (2) SMB2 サービスから現在の時刻を取得されることで、任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 16, 2010, midnight
Registration Date	June 26, 2012, 4:19 p.m.
Last Update	June 26, 2012, 4:19 p.m.

Affected System

コンソナ

consona dynamic agent

consona repair manager

consona subscriber activation

consona subscriber agent

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-1906	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1906
National Vulnerability Database (NVD)
2	CVE-2010-1906	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1906

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-310	https://jvndb.jvn.jp/ja/cwe/CWE-310.html

ベンダー情報

No	Name	URL
consona
1	Security Vulnerabilities and Recommendations	http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf

その他

No	Name	URL
US-CERT Vulnerability Note
1	VU#602801	http://www.kb.cert.org/vuls/id/602801

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-1906

Summary	tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\.\pipe\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service.
Publication Date	May 12, 2010, 8:46 p.m.
Registration Date	Jan. 29, 2021, 11:01 a.m.
Last Update	Oct. 11, 2018, 4:57 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:consona:consona_dynamic_agent:-:-:enterprise:::::*
cpe:2.3:a:consona:consona_dynamic_agent:-:-:marketing:::::*
cpe:2.3:a:consona:consona_dynamic_agent:-:-:support:::::*
cpe:2.3:a:consona:consona_repair_manager::::::::
cpe:2.3:a:consona:consona_subscriber_activation::::::::
cpe:2.3:a:consona:consona_subscriber_agent::::::::
execution environment
1	cpe:2.3:o:microsoft:windows_7::::::::
2	cpe:2.3:o:microsoft:windows_vista::::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/39752	SECUNIA	Vendor Advisory
2	http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html	MISC
3	http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf	CONFIRM	Patch Vendor Advisory
4	http://www.kb.cert.org/vuls/id/602801	CERT-VN	Patch US Government Resource
5	http://www.securityfocus.com/archive/1/511176/100/0/threaded	BUGTRAQ
6	http://www.wintercore.com/downloads/rootedcon_0day.pdf	MISC	Exploit

Common Vulnerabilities List

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:consona:consona_dynamic_agent:-:-:enterprise:::::*
cpe:2.3:a:consona:consona_dynamic_agent:-:-:marketing:::::*
cpe:2.3:a:consona:consona_dynamic_agent:-:-:support:::::*
cpe:2.3:a:consona:consona_repair_manager::::::::
cpe:2.3:a:consona:consona_subscriber_activation::::::::
cpe:2.3:a:consona:consona_subscriber_agent::::::::
execution environment
1	cpe:2.3:o:microsoft:windows_7::::::::
2	cpe:2.3:o:microsoft:windows_vista::::::::