search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Wyse Device Manager (WDM) HServer and HAgent contain multiple vulnerabilities

Vulnerability Note VU#654545

Original Release Date: 2009-10-13 | Last Revised: 2009-10-16

Overview

Wyse Device Manager (WDM) Server and HAgent contain several vulnerabilities. An attacker with network access to WDM components could execute arbitrary code on vulnerable systems.

Description

Wyse Device Manager (WDM, formerly known as Wyse Rapport) manages thin clients. Part of the server component (HServer) is implemented as an ISAPI filter on the Microsoft Windows Internet Information Server (IIS) platform. The client component (HAgent) runs as a service on Microsoft Windows systems.

WDM components contain several vulnerabilities:

    1. HServer (hserver.dll) User-Agent header stack buffer overflow and
    2. HAgent (hagent.exe) heap overflow (both overflows are CVE-2009-0693)
    3. HAgent does not authenticate commands (CVE-2009-0695)
    The first two issues are implementation defects. The third issue is caused by the lack of adequate cryptographic authentication and authorization.

    Impact

    An attacker with network access to WDM components could execute arbitrary code on a vulnerable system. The attacker could also execute unauthenticated management commands on a system running HAgent.

    Solution

    Please see Wyse Security Bulletin WSB09-01.

    Enable HTTPS

    Enabling HTTPS provides authentication between Hserver and HAgent nodes. HTTPS authenticates communication from an HServer host to an HAgent host. Depending on key distribution and PKI architecture, HTTPS should prevent an unauthenticated attacker from running management commands on an HAgent host.

    Vendor Information

    654545
     
    Expand all

    Wyse Affected

    Notified:  July 04, 2009 Updated: July 23, 2009

    Status

    Affected

    Vendor Statement

    We have not received a statement from the vendor.

    Vendor Information

    Please see Wyse Security Bulletin WSB09-01.


    CVSS Metrics

    Group Score Vector
    Base
    Temporal
    Environmental

    References

    Acknowledgements

    These vulnerabilities were analyzed and reported by Kevin Finisterre of Netragard/SNOsoft.

    This document was written by Art Manion.

    Other Information

    CVE IDs: CVE-2009-0693, CVE-2009-0695
    Severity Metric: 13.51
    Date Public: 2009-07-10
    Date First Published: 2009-10-13
    Date Last Updated: 2009-10-16 04:27 UTC
    Document Revision: 24

    Sponsored by CISA.

    Download PGP Key

    Read CERT/CC Blog

    Learn about Vulnerability Analysis