SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   LANDesk Management Suite Vendors:   LANDesk Software
LANDesk Management Suite 'IRCRBOOT.DLL' Buffer Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1008561
SecurityTracker URL:  http://securitytracker.com/id/1008561
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Dec 27 2003
Impact:   Execution of arbitrary code via network, User access via network

Version(s): 7.0, possibly 8.0
Description:   Tri Huynh from SentryUnion reported a buffer overflow vulnerability in LANDesk Management Suite in IRCRBOOT.DLL. A remote user may be able to execute arbitrary code.

It is reported that the IRCRBOOT.DLL ActiveX/COM component has a buffer overflow in the SetClientAddress() function. A remote user can create HTML that, when loaded by the target user, will supply a specially crafted bszAddr parameter to the function to trigger the overflow and execute arbitrary code [however, code execution was not explicitly confirmed in the report].

The vendor has reportedly been notified.

Impact:   A remote user can create HTML that, when loaded by the target user, will cause arbitrary code to be executed on the target user's system with the privileges of the target user.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.landesk.com/products/ilms/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Landesk Management Suite IRCRBOOT.DLL buffer overflow


Landesk Management Suite IRCRBOOT.DLL buffer overflow
  =================================================

  PROGRAM: Landesk Management Suite
HOMEPAGE: http://www.landesk.com
VULNERABLE VERSIONS: 8.0 (untested, but highly possible vulnerable)
                                                7.0 and below (tested)


  DESCRIPTION
  =================================================

  Landesk Management Suite is the flagship of LANDesk family of
  systems  management products in managing medium-to-large networks.
management tasks and proactively control desktops, servers and mobile
devices - all from a single console.


  DETAILS
  =================================================

Continuing our goal on cleaning dangerous ActiveX/COM components in
popular products, we have developed a Fuzzing Tool for ActiveX/COM
called "XKnight" (Not XXX, you perverts ! 8-) . XKnight works by fuzzing
the interface of the component to hunt for low-hanging fruits. And
fortunately, there are so many low-hanging fruits out there !!!

  IRCRBOOT.DLL  is an ActiveX/COM component that comes with
  Landesk Management Suite. YAUTO.DLL is registered under a CLSID named
  "DACBF5A1-33C5-11D3-A97E-00C04F72C145". In this component,
  function SetClientAddress(bszAddr as String) is vulnerable to a
  bufferoverflow  attack when argument bszAddr is passed with a long string.
  Since this is an ActiveX component, the vulnerability can
  be exploited just by making a website with the correct CLSID of
  the ActiveX and calling the function directly.


  WORKAROUND
  =================================================

  Waiting and apply the patch from vendor and/or remove the file
  temporary. Vendor is contacted (privacy@landesk.com) more than
3 weeks and they don't give a damn ! By the way, they don't put
an email on their website for contacting regarding about security problems.



  CREDITS
  =================================================

  Discovered by Tri Huynh from SentryUnion


  DISLAIMER
  =================================================

  The information within this paper may change without notice. Use of
  this information constitutes acceptance for use in an AS IS condition.
  There are NO warranties with regard to this information. In no event
  shall the author be liable for any damages whatsoever arising out of
  or in connection with the use or spread of this information. Any use
  of this information is at the user's own risk.


  FEEDBACK
  =================================================

  Please send suggestions, updates, and comments to: trihuynh@zeeup.com


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC