LANDesk Multiple Products QIP Server Service (qipsrvr.exe) Heal Request Packet Handling Overflow
Critical Nessus Plugin ID 34243
SynopsisThe remote Windows host has an application that is affected by a remote buffer overflow vulnerability.
DescriptionLANDesk Management Suite, used to automate system and security management tasks, is installed on the remote host.
The version of LANDesk Management Suite includes an instance of the Intel QIP Server Service that makes a call to 'MultiByteToWideChar()' using values from packet data. Using a specially crafted 'heal' request, a remote attacker can leverage this issue to control both the pointer to the function's 'StringToMap' and 'StringSize' arguments, overflow a stack or heap buffer depending on the specified sizes, and execute arbitrary code with SYSTEM privileges.
SolutionUpgrade to LANDesk 8.7 / 8.8 if necessary and apply the appropriate fix referenced in the vendor advisory.