Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:5578
HistoryDec 29, 2003 - 12:00 a.m.

Landesk Management Suite IRCRBOOT.DLL buffer overflow

2003-12-2900:00:00
vulners.com
6
JSON

Landesk Management Suite IRCRBOOT.DLL buffer overflow

PROGRAM: Landesk Management Suite
HOMEPAGE: http://www.landesk.com
VULNERABLE VERSIONS: 8.0 (untested, but highly possible vulnerable)
7.0 and below (tested)

DESCRIPTION

Landesk Management Suite is the flagship of LANDesk family of
systems management products in managing medium-to-large networks.
LANDeskยฎ Management Suite enables IT professionals to automate systems
management tasks and proactively control desktops, servers and mobile
devices - all from a single console.

DETAILS

Continuing our goal on cleaning dangerous ActiveX/COM components in
popular products, we have developed a Fuzzing Tool for ActiveX/COM
called "XKnight" (Not XXX, you perverts ! 8-) . XKnight works by fuzzing
the interface of the component to hunt for low-hanging fruits. And
fortunately, there are so many low-hanging fruits out there !!!

IRCRBOOT.DLL is an ActiveX/COM component that comes with
Landesk Management Suite. YAUTO.DLL is registered under a CLSID named
"DACBF5A1-33C5-11D3-A97E-00C04F72C145". In this component,
function SetClientAddress(bszAddr as String) is vulnerable to a
bufferoverflow attack when argument bszAddr is passed with a long string.
Since this is an ActiveX component, the vulnerability can
be exploited just by making a website with the correct CLSID of
the ActiveX and calling the function directly.

WORKAROUND

Waiting and apply the patch from vendor and/or remove the file
temporary. Vendor is contacted ([email protected]) more than
3 weeks and they don't give a damn ! By the way, they don't put
an email on their website for contacting regarding about security problems.

CREDITS

Discovered by Tri Huynh from SentryUnion

DISLAIMER

The information within this paper may change without notice. Use of
this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information. In no event
shall the author be liable for any damages whatsoever arising out of
or in connection with the use or spread of this information. Any use
of this information is at the user's own risk.

FEEDBACK

Please send suggestions, updates, and comments to: [email protected]

JSON