CVE-2008-2468
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) in LANDesk Management Suite, Security Suite, and Server Manager 8.8 and earlier allow remote attackers to execute arbitrary code via a crafted heal request, related to the StringToMap and StringSize arguments.
Múltiples desbordamientos del búfer en el Servicio Servidor QIP (también conocido como qipsrvr.exe) en LANDesk Management Suite, Security Suite y Server Manager 8.8 y anteriores; permiten a atacantes remotos ejecutar código de su elección a través de una solicitud de cierre manipulada. Está relacionado con los argumentos StringToMap y StringSize.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-05-28 CVE Reserved
- 2008-09-16 CVE Published
- 2024-02-21 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://dvlabs.tippingpoint.com/advisory/TPTI-08-06 | X_refsource_misc | |
| http://secunia.com/advisories/31888 | Third Party Advisory | |
| http://securityreason.com/securityalert/4269 | Third Party Advisory | |
| http://www.kb.cert.org/vuls/id/538011 | Third Party Advisory |
|
| http://www.securityfocus.com/archive/1/496369/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1020888 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/2588 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45154 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://community.landesk.com/support/docs/DOC-3276 | 2018-10-11 | |
| http://www.securityfocus.com/bid/31193 | 2018-10-11 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Landesk Search vendor "Landesk" | Landesk Management Suite Search vendor "Landesk" for product "Landesk Management Suite" | <= 8.8 Search vendor "Landesk" for product "Landesk Management Suite" and version " <= 8.8" | - |
Affected
| ||||||
| Landesk Search vendor "Landesk" | Landesk Management Suite Search vendor "Landesk" for product "Landesk Management Suite" | 8.7 Search vendor "Landesk" for product "Landesk Management Suite" and version "8.7" | - |
Affected
| ||||||
| Landesk Search vendor "Landesk" | Landesk Security Suite Search vendor "Landesk" for product "Landesk Security Suite" | <= 8.8 Search vendor "Landesk" for product "Landesk Security Suite" and version " <= 8.8" | - |
Affected
| ||||||
| Landesk Search vendor "Landesk" | Landesk Security Suite Search vendor "Landesk" for product "Landesk Security Suite" | 8.7 Search vendor "Landesk" for product "Landesk Security Suite" and version "8.7" | - |
Affected
| ||||||
| Landesk Search vendor "Landesk" | Landesk Server Manager Search vendor "Landesk" for product "Landesk Server Manager" | <= 8.8 Search vendor "Landesk" for product "Landesk Server Manager" and version " <= 8.8" | - |
Affected
| ||||||
| Landesk Search vendor "Landesk" | Landesk Server Manager Search vendor "Landesk" for product "Landesk Server Manager" | 8.7 Search vendor "Landesk" for product "Landesk Server Manager" and version "8.7" | - |
Affected
| ||||||