FlexNet License Server Manager 'lmgrd' Component Stack BOF Vulnerability Network Vulnerability

Summary

This host is running FlexNet License Server Manager and is prone to stack buffer overflow vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service condition. Impact Level: System/Application

Solution

Upgrade to FlexNet License Server Manager version 11.10 or later, For updates refer to http://www.flexerasoftware.com/

Insight

The flaw is due to an error within the License Server Manager 'lmgrd' component when processing certain packets. This can be exploited to cause a stack based buffer overflow by sending specially crafted packets to TCP port 27000.

Affected

Flexera Software FlexNet License Server Manager versions 11.9.1 and prior

References

http://aluigi.altervista.org/adv/lmgrd_1-adv.txt
http://osvdb.org/81899
http://www.exploit-db.com/exploits/18877
http://www.flexerasoftware.com/pl/13057.htm
http://www.zerodayinitiative.com/advisories/ZDI-12-052/

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Buffer Overflow Vulnerability in Adobe Acrobat and Reader (Win)
ChaSen Buffer Overflow Vulnerability (Linux)
Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Win)
Advantech Studio Multiple Buffer Overflow Vulnerabilities
Adobe Reader/Acrobat Multiple BOF Vulnerabilities - Jun09 (Win)

Take action and discover your vulnerabilities