Wyse Device Manager (WDM) HServer and HAgent contain multiple vulnerabilities

Overview

Wyse Device Manager (WDM) Server and HAgent contain several vulnerabilities. An attacker with network access to WDM components could execute arbitrary code on vulnerable systems.

Description

Wyse Device Manager (WDM, formerly known as Wyse Rapport) manages thin clients. Part of the server component (HServer) is implemented as an ISAPI filter on the Microsoft Windows Internet Information Server (IIS) platform. The client component (HAgent) runs as a service on Microsoft Windows systems.

WDM components contain several vulnerabilities:

1. HServer (hserver.dll) User-Agent header stack buffer overflow and
2. HAgent (hagent.exe) heap overflow (both overflows are CVE-2009-0693)
3. HAgent does not authenticate commands (CVE-2009-0695)
   The first two issues are implementation defects. The third issue is caused by the lack of adequate cryptographic authentication and authorization.

---

Impact

An attacker with network access to WDM components could execute arbitrary code on a vulnerable system. The attacker could also execute unauthenticated management commands on a system running HAgent.

---

Solution

Please see Wyse Security Bulletin WSB09-01.

---

Enable HTTPS

Enabling HTTPS provides authentication between Hserver and HAgent nodes. HTTPS authenticates communication from an HServer host to an HAgent host. Depending on key distribution and PKI architecture, HTTPS should prevent an unauthenticated attacker from running management commands on an HAgent host.

---

Vendor Information

654545

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Wyse __ Affected

Notified: July 04, 2009 Updated: July 23, 2009

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Please see Wyse Security Bulletin WSB09-01.

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://osvdb.org/show/osvdb/55808&gt;
• <http://www.wyse.com/serviceandsupport/support/WSB09-01.zip&gt;
• <http://www.wyse.com/serviceandsupport/Wyse Security Bulletin WSB09-01.pdf&gt;
• <http://www.theregister.co.uk/2009/07/10/wyse_remote_exploit_bugs/&gt;
• <http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0101.html&gt;

Acknowledgements

These vulnerabilities were analyzed and reported by Kevin Finisterre of Netragard/SNOsoft.

This document was written by Art Manion.

Other Information

CVE IDs:	CVE-2009-0693, CVE-2009-0695
Severity Metric:	13.51 Date Public: