LANDESK pioneered the IT systems management category more than 25 years ago, and has lead with one of the most recognized and awarded solutions available—LANDESK Management Suite (now Ivanti Endpoint Manager).
- LANDesk Management Suite versions 8.7 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code with SYSTEM privileges.The vulnerability exists due to insufficient bounds checking in the Alert Service when handling data received over port 65535/udp. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted packet to this port to trigger a buffer overflow condition. Exploitation could allow the attacker to crash the affected service or execute arbitrary code with SYSTEM privileges.LANDesk has confirmed this vulnerability in a security article and released a temporary fix. Programa pdf gratis.
- Systems running LANDesk Management Suite versions 8.7 SP 2 or prior are vulnerable.
- The vulnerability exists due to a lack of bounds checking within the Alert Service, aolnsrvr.exe, when handling malicious data sent to its listening port, 65535/udp. Free download lagu jepang yang enak. The aolnsrvr.exe process accepts user-supplied data and copies it into a fixed-length buffer. An unauthenticated, remote attacker could trigger a stack-based buffer overflow by sending excessive amounts of data via port 65535/udp. The resulting buffer overflow can be exploited to crash the affected service or allow an attacker to execute arbitrary code with SYSTEM privileges.
- An attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges, which could result in a full system compromise. Failed exploit attempts crash the Alert Service. While a hotfix is available from the vendor, it has not been fully tested. For this reason, administrators are advised to wait for a service pack that includes the fix to this vulnerability unless it is being actively exploited.
- Administrators are advised to apply the hotfix if this vulnerability is being targeted for exploitation. Otherwise, administrators are advised to contact the vendor for information on the availability of a Service Pack that contains this fix.Administrators are advised to block port 65535 at the perimeter to prevent external attackers from exploiting this vulnerability.Administrators are also advised to use IP -based ACLs to restrict access to affected systems on port 65535 to trusted systems only.
- LANDesk has released a knowledge base article for registered users at the following link: KB Article 4142
Landesk Management Suite 2016
- LANDesk customers in need of an immediate fix are advised to apply the latest service pack and install the hotfix INST-11050687.2. Customers must contact the vendor directly to obtain this hofix. However, administrators should note that this hotfix has not undergone extensive testing and should not be installed unless this vulnerability is being actively exploited. A stable fix will be available in a future service pack.