In association with heise online

14 July 2009, 10:55

Critical hole in Wyse Thin Clients

Thin Client vendor Wyse has released a security fix (direct download) to close a critical security vulnerability in its products. Wyse promotes a high level of security, especially immunity to viruses and malware, in its diskless Thin and Zero Clients. However, the current critical vulnerability apparently allows intruders to directly attack and take control of a client.

Using specially crafted packets, attackers can provoke a buffer overflow in the Wyse Device Manager (WDM) Server and in the WDM Agent, which enables them to inject and execute arbitrary code on the system. The WDM Agent runs on the thin clients and searches the local network for the presence of WDM servers. Kevin Finisterre, who discovered the vulnerabilities, has reportedly developed working exploits for the WDM Server running on Windows 2000 and for the WDM Agent running on Windows XP systems embedded in the client.

According to the vendor's security advisory, WDM Server 4.7.x and Wyse 9x, 5x and 3x series devices are all affected. The security fix should only be installed on systems running the current 4.7.2 release of WDM. Wyse recommends that users install the update as soon as possible.

(crve)

Permalink: http://h-online.com/-742471