Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2468

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-2468
Last Modified 07 Mar 2011 10:09:14
Published 18 Sep 2008 11:04:27
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2468

Summary

Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) in LANDesk Management Suite, Security Suite, and Server Manager 8.8 and earlier allow remote attackers to execute arbitrary code via a crafted heal request, related to the StringToMap and StringSize arguments.

Vulnerable Systems

Application

  • Landesk Management Suite 8.7

  • Landesk Management Suite 8.8

  • Landesk Security Suite 8.7

  • Landesk Security Suite 8.8

  • Landesk Server Manager 8.7

  • Landesk Server Manager 8.8


References

CERT-VN - VU#538011

BID - 31193

CONFIRM - http://community.landesk.com/support/docs/DOC-3276

XF - landesk-qip-bo(45154)

VUPEN - ADV-2008-2588

SECTRACK - 1020888

BUGTRAQ - 20080915 TPTI-08-06: Landesk QIP Server Service Heal Packet Buffer Overflow

SREASON - 4269

SECUNIA - 31888

MISC - http://dvlabs.tippingpoint.com/advisory/TPTI-08-06


Last Updated: 27 May 2016 10:47:52