FlexNet License Multiple Vulnerabilities

critical Nessus Plugin ID 58273

Synopsis

The remote Windows host has a license management application installed that allows execution of arbitrary code.

Description

The version of FlexNet License Manager installed on the remote Windows host is earlier than 11.10.0.3. As such, it is potentially affected by multiple vulnerabilities:

- Multiple problems exist that allow an attacker to influence the saving and loading of log files on the server. By utilizing a directory traversal issue and some file renaming bugs, an attacker can leverage these vulnerabilities to execute arbitrary code with the privileges of the user running the affected application.

- A buffer overflow vulnerability exists that could lead to arbitrary code execution.

Solution

If using IBM Rational License Key Server, apply the vendor-supplied hotfix.

Otherwise, upgrade the FlexNet lmgrd License Server Manager to 11.10.0.3 / 11.10.1 or later.

See Also

http://aluigi.altervista.org/adv/lmgrd_1-adv.txt

https://www.zerodayinitiative.com/advisories/ZDI-11-272/

https://www.zerodayinitiative.com/advisories/ZDI-12-052/

https://www.flexera.com/landing/hotfix-lmgrd-license-server-manager.html

http://www-01.ibm.com/support/docview.wss?uid=swg21577760

Plugin Details

Severity: Critical

ID: 58273

File Name: flexnet_license_server_manager_code_exec.nasl

Version: 1.16

Type: local

Agent: windows

Family: Windows

Published: 3/7/2012

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/Flexera FlexNet License Server/Version, SMB/Flexera FlexNet License Server/Path

Exploit Ease: No known exploits are available

Patch Publication Date: 10/14/2011

Vulnerability Publication Date: 8/16/2011

Exploitable With

Metasploit (FlexNet License Server Manager lmgrd Buffer Overflow)

Reference Information

CVE: CVE-2011-1389, CVE-2011-4135

BID: 49191, 52718