Executive Summary
| Summary | |
|---|---|
| Title | Wyse ThinOS LPD service buffer overflow vulnerability |
| Informations | |||
|---|---|---|---|
| Name | VU#320233 | First vendor Publication | 2010-08-16 |
| Vendor | VU-CERT | Last vendor Modification | 2010-08-16 |
| Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
Vulnerability Note VU#320233Wyse ThinOS LPD service buffer overflow vulnerabilityOverviewWyse ThinOS HF 4.4.079i has a buffer overflow vulnerability in the LPD service (515/tcp).I. DescriptionThe LPD service (515/tcp) on Wyse ThinOS HF 4.4.079i crashes when a long buffer is sent to it. This condition may exist in all versions before Wyse ThinOS 6.5.II. ImpactAn attacker can cause the device to crash and may be able to execute arbitrary code.III. SolutionThe vendor recommends users upgrade to Wyse ThinOS 6.5 or newer.Restrict Access
ReferencesThanks to Kevin Finisterres for reporting this vulnerability. This document was written by Jared Allar.
|
Original Source
| Url : http://www.kb.cert.org/vuls/id/320233 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 1 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 67279 | Wyse ThinOS LPD Service Unspecified Overflow |
