Affected vendor: Flexera Software (http://www.flexerasoftware.com/)
Affected product: Flexera Software License Server Manager
Details of Vulnerability:
Attackers can remotely, and without authentication, execute arbitrary code on vulnerable installations of Flexera’s License Server Manager. This is made possible by taking advantage of a flaw within the Imadmin component.
“When handling a packet type having the opcode 0x2f the process trusts a user provided value when calculating the bytes remaining in the packet. Using this tainted remaining length value the process then copies packet data into a buffer on the heap.” – http://www.securityfocus.com/archive/1/519060
Response:
Flexera has entered the vulnerability into its technical support case tracking system as IOC-000086525. According to Flexera, the Flexnet License Server components (which include lmgrd, lmadmin, and each vendor daemon) are only to be used in safe networks controlled by the Flexnet software owner. If these components are deployed in environments like the internet and a public cloud, they will be able to be manipulated by remote attackers. However, Flexera suggests that more deployment environments will be made available in the future. Since Flexera has not released a patch within The Zero Day Initiative’s 180-day deadline, it has made the software vulnerability public.
Timeline: 2011-01-24 – Vulnerability reported to vendor
2011-07-28 – Coordinated public release of advisory
Credit: Luigi Auriemma
