LANDesk Multiple Products QIP Server Service (qipsrvr.exe) Heal Request Packet Handling Overflow

This script is Copyright (C) 2008-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by a
remote buffer overflow vulnerability.

Description :

LANDesk Management Suite, used to automate system and security
management tasks, is installed on the remote host.

The installed version of LANDesk Management Suite includes an instance of the
Intel QIP Server Service that makes a call to 'MultiByteToWideChar()'
using values from packet data. Using a specially crafted 'heal'
request, a remote attacker can leverage this issue to control both the
pointer to the function's 'StringToMap' and 'StringSize' arguments,
overflow a stack or heap buffer depending on the specified sizes, and
execute arbitrary code with SYSTEM privileges.

See also :

http://dvlabs.tippingpoint.com/advisory/TPTI-08-06
http://seclists.org/fulldisclosure/2008/Sep/300
https://community.landesk.com/docs/DOC-3276

Solution :

Upgrade to LANDesk 8.7 / 8.8 if necessary and apply the appropriate
fix referenced in the vendor advisory.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 34243 (landesk_qip_heal_overflow.nasl)

Bugtraq ID: 31193

CVE ID: CVE-2008-2468
