Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Security Update available for Wyse Device Manager InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Security Update available for Wyse Device Manager

Published: 2009-07-13
Last Updated: 2011-01-25 00:06:58 UTC
by Adrien de Beaupre (Version: 1)
0 comment(s)

From their advisory: "Buffer overflow vulnerabilities have been reported in Wyse Device Manager (WDM) Server and the WDM HAgent. A carefully crafted packet sent to the WDM Server port or the WDM Agent would crash the service, and could potentially allow the attacker to take control of the affected system. The security update addresses the vulnerability by modifying the way WDM validates the data and handles the error resulting in the exploitable condition. Wyse recommends that customers upgrade to the latest version of WDM (4.7.2) and apply the security update at the earliest opportunity."

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

0 comment(s)
Diary Archives