Executive Summary

Summary
Title LANDesk QIP service buffer overflow vulnerability
Informations
NameVU#538011First vendor Publication2008-09-17
VendorVU-CERTLast vendor Modification2008-09-17
Severity (Vendor) N/ARevisionM

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#538011

LANDesk QIP service buffer overflow vulnerability

Overview

The LANDesk Management Suite Intel QIP service contains a buffer overflow vulnerability.

I. Description

The LANDesk Intel QIP Server Service is used to configure policy management. The Intel QIP service allows LANDesk Agents to report status and make certain software requests.

A buffer overflow vulnerability exists in the Intel QIP service (Qipsrvr.exe).

II. Impact

A remote, unauthenticated attacker may be able to execute code with system privileges.

III. Solution

Upgrade

LANDesk has released updates to address this issue. See LANDesk DOC-3276 for more information.

Restrict access


The QIP service listens on 12175/tcp by default. Restricting access to this port by using access control lists or port filters may prevent this vulnerablility from being exploited.

Systems Affected

VendorStatusDate Updated
LANDeskVulnerable17-Sep-2008

References


http://community.landesk.com/support/docs/DOC-3276
http://dvlabs.tippingpoint.com/advisory/TPTI-08-06

Credit

Thanks to LANDesk for technical information that was used in this document. This issue was reported to LANDesk by TippingPoint DVLabs.

This document was written by Ryan Giobbi.

Other Information

Date Public09/12/2008
Date First Published09/17/2008 08:19:14 AM
Date Last Updated09/17/2008
CERT Advisory
CVE-ID(s)CVE-2008-2468
NVD-ID(s)CVE-2008-2468
US-CERT Technical Alerts
Metric3.21
Document Revision11

Original Source

Url : http://www.kb.cert.org/vuls/id/538011

CWE : Common Weakness Enumeration

idName
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application2
Application2
Application2

Open Source Vulnerability Database (OSVDB)

idDescription
48123LANDesk Multiple Products QIP Server Service (qipsrvr.exe) Heal Request Packe...

Snort® IPS/IDS

DateDescription
2014-01-10LANDesk Management Suite QIP service heal packet buffer overflow attempt
RuleID : 15968 - Revision : 2 - Type : EXPLOIT

Nessus® Vulnerability Scanner

DateDescription
2008-09-19Name : The remote Windows host has an application that is affected by a remote buffe...
File : landesk_qip_heal_overflow.nasl - Type : ACT_GATHER_INFO