1 2 Previous Next 18 Replies Latest reply on Sep 23, 2008 12:39 PM by Dicipulus

    QIP service Vulnerability workaround?

    Rookie

      Is it possible to disable the QIP service as a workaround until we can deploy the update to the vulnerability listed here:

      Vulnerability in Intel QIP Service  ?

       

      We do not want to affect other services, but never under any circumstances do we use Application Healing.

       

      Thanks in advance.

        • 1. Re: QIP service Vulnerability workaround?
          MarkB SupportEmployee

          Yes you can.

           

          Stop the service, and set it to Manual.

           

          The qipservice is for the task completion calls. Ths architecture has changed and we no longer make those calls. We keep the service there for backward compatibility for old clients.

          • 2. Re: QIP service Vulnerability workaround?
            Apprentice

            Hi,

             

            Will this vulnerability be included in the Patch Content download service in the near future? and if so when will it be included?.

            And finally ,is it advisable waiting for the Patch content to be updated in order to deploy the patch instead of installing the LDMS  8.8 SWD-1620988.2 already available for downloading manually from the LANDesk support website?

             

            Best

            • 3. Re: QIP service Vulnerability workaround?
              phoffmann SupportEmployee

              You can request content to be added through enhancement requests. You know this.

               

              Doesn't take long either.

               

              Paul Hoffmann

              LANDesk EMEA Technical Lead

              • 4. Re: QIP service Vulnerability workaround?
                MarXtar ITSMMVPGroup

                That wasn't a request it was a question.

                • 5. Re: QIP service Vulnerability workaround?
                  Rookie

                  Thanks, Mark, for the helpful, informative, and quick reply.  We have disabled the service and will likely wait for a normal patch cycle to apply the fix.  We have buffer overflow protection in place on our domain as it is.

                   

                  As for the other posts,  I'm a bit confused as to why it would be necessary to request a patch be added to the built-in patching mechanism LANDesk provides.  A patch of this type should be there immediately and automatically once released, no?

                   

                  Further, it seems to me the workaround of disabling the service should have been posted with the bulletin or at least in the readme, both of which were short and skimpy on details.  LANDesk was notified in advance of this vulnerability by TippingPoint and had time to prepare proper documentation.

                  • 6. Re: QIP service Vulnerability workaround?
                    Apprentice

                    MarkB wrote:

                    Yes you can.

                     

                    Stop the service, and set it to Manual.

                     

                    The qipservice is for the task completion calls. Ths architecture has changed and we no longer make those calls. We keep the service there for backward compatibility for old clients.

                    Since which version this has been changed?

                    • 7. Re: QIP service Vulnerability workaround?
                      Apprentice

                      Agree with Lowell Williams. It seems lately that every bit of a problem reported should be naturally taken as an ER, and defects in LANDesk where not defects any longer as worked "as designed".

                      • 8. Re: QIP service Vulnerability workaround?
                        MarXtar ITSMMVPGroup

                        Validity on both sides here.

                         

                        If you are asking LANDesk to add something to patch manager that it doesn't already have as content then that is a valid ER; however in this case it would be valid to assume that since LANDesk provide content to patch their own product that it would be included. That is why this is really a question rather than an ER since we would like to know if/when it will be added as content. If it isn't being added I would ask why.

                         

                        Regarding other items, if you are asking for LANDesk to do something that it was not designed to do or asking for it to do it in a different way, this cannot be anything other than an ER.

                         

                        If it is meant to do something and it blatantly does not it is a bug. Be careful here because 'works as designed' is a catch-all and be completely valid even if it irritates you to death since it can appear ilogical but be doing things exactly as it wasmeant to.

                         

                        As far as the workaround is concerned I can see LANDesk's point; why give etails of a workaround that takes potentially more effort to apply than deploying the patch that ould fix the potential issue?  If there is a simple fix you don't really need a workaround do you?

                         

                        Mark Star - MarXtar LANDesk Enhancements

                        Home of Power State Notifier & Wake-On-WAN for LANDesk

                        • 9. Re: QIP service Vulnerability workaround?
                          phoffmann SupportEmployee

                          Thank you for seeing things from both points of view, Mark.

                           

                          However, there are strong internal processes to determine what does and what does not determine whether a particular (LANDesk) patch becomes part of the content.

                           

                          If you want to circumvent these processes, it's an ER - pure and simple, if you feel strongly that this is the right thing to do.

                           

                          People who are concerned about the vulnerability could check the community and find -- http://community.landesk.com/support/docs/DOC-3276 -- or they'd contact support (and get the patch there). If this happens often enough (and other things happen), the patch gets added to content via internal processes.

                           

                          If you want to skip these internal cogs, it's an ER. Response times to new patch content is usually pretty quick.

                           

                          Paul Hoffmann

                          LANDesk EMEA Technical Lead

                          • 10. Re: QIP service Vulnerability workaround?
                            MarXtar ITSMMVPGroup

                            Understood Paul but still don't see the "Yes it will be added" or "No it won't be added" answer to find out if it need to be requested as an ER.  If you look at the doc you referenced I added a comment shortly after it was published with this question.

                             

                            Mark Star - MarXtar LANDesk Enhancements

                            Home of Power State Notifier & Wake-On-WAN for LANDesk

                            • 11. Re: QIP service Vulnerability workaround?
                              Rookie

                              It is not always practical to install a patch - especially when there is little vendor documentation to describe what that patch might affect and/or a change management processes is in effect that would not allow a patch to be applied prior to thorough testing but would allow a workaround to be applied.  Effort is not an issue.  The issue is how to best resolve the problem. 

                              • 12. Re: QIP service Vulnerability workaround?
                                Rookie

                                This information *really* should have been included in the original advisory. 

                                 

                                Along the same lines, the advisory really should have been announced to users of LANDesk software.  I receive plenty of marketing newsletters from LANDesk but I have yet to see anything in my inbox from LANDesk about this advisory.  I didn't find out about it until I stumbled on it while browsing security lists.

                                • 13. Re: QIP service Vulnerability workaround?
                                  phoffmann SupportEmployee

                                  Urm ... you mean THIS bulletin ...:

                                  http://community.landesk.com/support/docs/DOC-3299

                                   

                                  You know, you CAN subscribe to patch bulletins, where this is mentioned.

                                   

                                  Criticising for stuff we already do isn't exactly overly helpful. If you want the bulletins, please go and subscribe for them.

                                   

                                  1 - go to http://community.landesk.com/support/community/security/bulletin

                                  2 - Click on "Receive email notifications"

                                   

                                  ... can't make it much easier.

                                   

                                  Also, a security bulletin isn't really (in my eyes at least) the best place for hacks / alternate workarounds. A patch has been made for a vulnerability. If for some reason or another you can't deploy it, then this is something that should be taken up with your TAM (if you have one) / the support group on an individual basis to work out what works best for you / your environment.

                                   

                                  Paul Hoffmann

                                  LANDesk EMEA Technical Lead

                                   

                                  • 14. Re: QIP service Vulnerability workaround?
                                    Rookie

                                    When I stumbled on the first bulletin I was rather annoyed that I wasn't notified, so I started looking for a place where security advisories in your products were documented.  I found the security bulletin forum and promptly moved on because, at the time, it only mentioned products from other vendors. 

                                     

                                    So yes, that bulletin.  That bulletin which didn't exist until 5 days after the first bulletin was published on the software distribution forum. 

                                     

                                    I apologize for complaining about my own misinformation, but I don't apologize about letting you know that you didn't responsibly inform your customers.  Informing your customers 5 days after the coordinated public disclosure of this remotely exploitable vulnerability in your product was simply irresponsible. 

                                    1 2 Previous Next