search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Wyse Device Manager (WDM) HServer and HAgent contain multiple vulnerabilities

Vulnerability Note VU#654545

Original Release Date: 2009-10-13 | Last Revised: 2009-10-16


Wyse Device Manager (WDM) Server and HAgent contain several vulnerabilities. An attacker with network access to WDM components could execute arbitrary code on vulnerable systems.


Wyse Device Manager (WDM, formerly known as Wyse Rapport) manages thin clients. Part of the server component (HServer) is implemented as an ISAPI filter on the Microsoft Windows Internet Information Server (IIS) platform. The client component (HAgent) runs as a service on Microsoft Windows systems.

WDM components contain several vulnerabilities:

    1. HServer (hserver.dll) User-Agent header stack buffer overflow and
    2. HAgent (hagent.exe) heap overflow (both overflows are CVE-2009-0693)
    3. HAgent does not authenticate commands (CVE-2009-0695)
    The first two issues are implementation defects. The third issue is caused by the lack of adequate cryptographic authentication and authorization.


    An attacker with network access to WDM components could execute arbitrary code on a vulnerable system. The attacker could also execute unauthenticated management commands on a system running HAgent.


    Please see Wyse Security Bulletin WSB09-01.

    Enable HTTPS

    Enabling HTTPS provides authentication between Hserver and HAgent nodes. HTTPS authenticates communication from an HServer host to an HAgent host. Depending on key distribution and PKI architecture, HTTPS should prevent an unauthenticated attacker from running management commands on an HAgent host.

    Vendor Information


    Wyse Affected

    Notified:  July 04, 2009 Updated: July 23, 2009



    Vendor Statement

    We have not received a statement from the vendor.

    Vendor Information

    Please see Wyse Security Bulletin WSB09-01.

    CVSS Metrics

    Group Score Vector



    These vulnerabilities were analyzed and reported by Kevin Finisterre of Netragard/SNOsoft.

    This document was written by Art Manion.

    Other Information

    CVE IDs: CVE-2009-0693, CVE-2009-0695
    Severity Metric: 13.51
    Date Public: 2009-07-10
    Date First Published: 2009-10-13
    Date Last Updated: 2009-10-16 04:27 UTC
    Document Revision: 24

    Sponsored by CISA.