Detections
Analytics

LANDesk Management Suite Alert Service (aolnsrvr.exe) Remote Overflow

critical Nessus Plugin ID 25085

Synopsis

The remote Windows host has an application that is affected by a buffer overflow vulnerability.

Description

LANDesk Management Suite, used to automate system and security management tasks, is installed on the remote host.

The version of LANDesk Management Suite includes an instance of Intel Pro Alerting Proxy, which contains a stack-based buffer overflow vulnerability. An attacker may be able to leverage this issue by connecting to it over UDP port 65535 and sending sufficient data to overflow a 268 byte stack-based buffer to execute arbitrary code with LOCAL SYSTEM privileges.

Solution

Apply the latest Service Pack followed by hotfix INST-11050687.2.zip or remove the Intel Pro Alerting Proxy software.

See Also

http://www.tippingpoint.com/security/advisories/TSRT-07-04.html

https://seclists.org/bugtraq/2007/Apr/211

Plugin Details

Severity: Critical

ID: 25085

File Name: landesk_aolnsrvr_overflow.nasl

Version: 1.15

Type: local

Agent: windows

Family: Windows

Published: 4/24/2007

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/13/2007

Vulnerability Publication Date: 4/13/2007

Exploitable With

Core Impact

Metasploit (LANDesk Management Suite 8.7 Alert Service Buffer Overflow)

Reference Information

CVE: CVE-2007-1674

BID: 23483