4 Replies Latest reply on Feb 21, 2017 11:50 AM by phoffmann

    CVE-2016-3147 - LDMS 2016 Critical Vulnerability

    alarson Apprentice

      I believe is the initial pre-SP version of 2016?  Can someone please confirm the patch(es) that mitigate this?


      NVD - Detail


      Buffer overflow in the collector.exe listener of the Landesk Management Suite and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large packet.

        • 1. Re: CVE-2016-3147 - LDMS 2016 Critical Vulnerability
          michael.odriscoll SupportEmployee

          Hi Andrew,


          Thanks for posting to the Community.


          Did you manage to find an answer to this question? Please share anything you can here, it might help someone with a similar question.



          • 2. Re: CVE-2016-3147 - LDMS 2016 Critical Vulnerability
            alarson Apprentice

            Hi Michael, no I have not heard a response.  One would think the response needs to come from an Ivanti employee (such as yourself?).

            One would assume, based on version numbers, that 2016 SP3 mitigates this CVE, though the timing of the CVE publishing has me unsure, hence my posting.

            • 3. Re: CVE-2016-3147 - LDMS 2016 Critical Vulnerability

              I am running 10.1 (AKA SU1 or 2016-0830B or 2016.3 or 10.1) and the collector.exe is v. dated 9/21/2016. It is later version than the one you posted.


              There is an entry into the community about this CVE-2016-3147: Collector.exe Denial-of-Service

              LANDESK is aware of the vulnerability inside of collector.exe which is currently used by our Alerting component. This problem is fixed in 2016.3 and newer, and 9.6 SP3 SU1 and newer. Please update and update your agents to resolve this issue.


              Fixed in file version: (2016.3), (9.6 SP3 SU2)


              I hope this helps you.

              • 4. Re: CVE-2016-3147 - LDMS 2016 Critical Vulnerability
                phoffmann SupportEmployee

                jabramson - Thank you kindly for posting the correct links & information up. Nicely detailed . (Marked it as the correct answer, as you've got all the bases covered).


                alarson - yes, we usually get tagged about CVE's affecting us pretty quick & try to deal with them as quickly as possible. Usually each such CVE has its own bulletin on the community (where we detail whether or not we're affected. For instance, while a lot of the SSL issues of the last few years didn't really affect us, we still bumped those files up to ensure that folks can rest easy from the "verifiable" point of view, not just a technical explanation).


                The article pointed to above covering this CVE was published about 24 hrs after your initial post, so you just got in a little early with it, before we had something official up (which comes after initial technical evaluation, as we try to have some useful facts to post first).


                Hope that helps? .

                1 of 1 people found this helpful