LANDesk Multiple Products QIP Server Service (qipsrvr.exe) Heal Request Packet Handling Overflow

critical Nessus Plugin ID 34243

Synopsis

The remote Windows host has an application that is affected by a remote buffer overflow vulnerability.

Description

LANDesk Management Suite, used to automate system and security management tasks, is installed on the remote host.

The installed version of LANDesk Management Suite includes an instance of the Intel QIP Server Service that calls 'MultiByteToWideChar()' with values taken from packet data. Using a specially crafted 'heal' request, a remote attacker can leverage this issue to control both the pointer to the function's 'StringToMap' and 'StringSize' arguments, overflow a stack or heap buffer depending on the specified sizes, and execute arbitrary code with SYSTEM privileges.

Solution

Upgrade to LANDesk 8.7 / 8.8 if necessary and apply the appropriate fix referenced in the vendor advisory.

See Also

http://dvlabs.tippingpoint.com/advisory/TPTI-08-06

https://seclists.org/fulldisclosure/2008/Sep/300

https://community.ivanti.com/login.jspa?referer=https://community.ivanti.com/docs/DOC-3276

Plugin Details

Severity: Critical

ID: 34243

File Name: landesk_qip_heal_overflow.nasl

Version: 1.12

Type: local

Agent: windows

Family: Windows

Published: 9/19/2008

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-2468

BID: 31193

CWE: 119

Secunia: 31888