CVE-2016-3147 2016-10-12T17:34:57+00:00

SUMMARY

The following vulnerability was found in Landesk Management Suite Collector Service

CVE-2016-3147

A specific packet receiving function inside the collector.exe listener of the Landesk Management Suite does not properly check the length of an allocated buffer before copying packet data to said buffer. As a result a packet of sufficient length will overflow onto the stack, which results in a buffer overflow.

IMPACT

Access Vector:Local
Access Complexity:Low
Authentication:Not required to exploit
Impact Type:Allows unauthorized disclosure of information; code execution; disruption of service
Privilege Level:SYSTEM

AFFECTED PRODUCTS

  • Landesk Management Suite (collector.exe version 10.0.0.271 and previous)

SOFTWARE FIXES

  • None currently

TIMELINE

REFERENCES