Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.FLEXNET_LICENSE_SERVER_MANAGER_CODE_EXEC.NASL
HistoryMar 07, 2012 - 12:00 a.m.

FlexNet License Multiple Vulnerabilities

2012-03-0700:00:00
This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
www.tenable.com
118

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.135

Percentile

95.7%

JSON

The version of FlexNet License Manager installed on the remote Windows host is earlier than 11.10.0.3. As such, it is potentially affected by multiple vulnerabilities :

  • Multiple problems exist that allow an attacker to

influence the saving and loading of log files on the

server. By utilizing a directory traversal issue and

some file renaming bugs, an attacker can leverage these

vulnerabilities to execute arbitrary code subject to

the user running the affected application.

  • A buffer overflow vulnerability exists that coul lead to

arbitrary code execution.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(58273);
  script_version("1.16");
  script_cvs_date("Date: 2018/11/15 20:50:26");

  script_cve_id("CVE-2011-1389", "CVE-2011-4135");
  script_bugtraq_id(49191, 52718);
  script_xref(name:"EDB-ID", value:"18877");

  script_name(english:"FlexNet License Multiple Vulnerabilities");
  script_summary(english:"Checks version of lmgrd.exe");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a license management application
installed that allows execution of arbitrary code.");
  script_set_attribute(attribute:"description", value:
"The version of FlexNet License Manager installed on the remote
Windows host is earlier than 11.10.0.3. As such, it is potentially
affected by multiple vulnerabilities :

- Multiple problems exist that allow an attacker to

influence the saving and loading of log files on the

server. By utilizing a directory traversal issue and

some file renaming bugs, an attacker can leverage these

vulnerabilities to execute arbitrary code subject to

the user running the affected application.

- A buffer overflow vulnerability exists that coul lead to

arbitrary code execution.");
  script_set_attribute(attribute:"see_also", value:"http://aluigi.altervista.org/adv/lmgrd_1-adv.txt");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-272/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-052/");
  script_set_attribute(attribute:"see_also", value:"https://www.flexera.com/landing/hotfix-lmgrd-license-server-manager.html");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21577760");
  script_set_attribute(attribute:"solution", value:
"If using IBM Rational License Key Server, apply the vendor-supplied
hotfix.

Otherwise, upgrade the FlexNet lmgrd License Server Manager to
11.10.0.3 / 11.10.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"metasploit_name", value:'FlexNet License Server Manager lmgrd Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/10/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("flexnet_license_server_detect.nasl", "smb_enum_services.nasl");
  script_require_keys("SMB/Flexera FlexNet License Server/Version", "SMB/Flexera FlexNet License Server/Path");

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("smb_func.inc");

version = get_kb_item_or_exit('SMB/Flexera FlexNet License Server/Version');
path = get_kb_item_or_exit('SMB/Flexera FlexNet License Server/Path');
service = get_kb_item('SMB/Flexera FlexNet License Server/Service');
if (isnull(service)) service = 'FLEXlm License Manager';

# Unless we're paranoid, make sure the service is running
if (report_paranoia < 2)
{
  status = get_kb_item('SMB/svc/'+service);
  if (status != SERVICE_ACTIVE)
    exit(0, 'The FlexNet License Manager is installed but not active.');
}

fix = '11.10.0.3';
if (ver_compare(ver:version, fix:fix) == -1)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  if (report_verbosity > 0)
  {
    report =
      '\n  File              : ' + path + '\\lmgrd.exe' +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 11.10.0.3 / 11.10.1\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
exit(0, 'The file version of \''+path+'\\lmgrd.exe\' is '+version+' and thus is not affected.');

Related

cve 2
cvelist 2
prion 2
nvd 2
ibm 2
kaspersky 1
cve
cve
CVE-2011-1389
2012-01-19 19:55:00
CVE-2011-4135
2012-01-19 19:55:01
cvelist
cvelist
CVE-2011-4135
2012-01-19 19:00:00
CVE-2011-1389
2012-01-19 19:00:00
prion
prion
Directory traversal
2012-01-19 19:55:00
Directory traversal
2012-01-19 19:55:00
nvd
nvd
CVE-2011-4135
2012-01-19 19:55:01
CVE-2011-1389
2012-01-19 19:55:00
ibm
ibm
Security Bulletin: Vulnerability in Rational License Key Server affecting both the license server, lmgrd, and the vendor daemon, ibmratl (CVE-2011-1389)
2018-06-17 04:35:02
Security Bulletin: Rational License Key Server vulnerability affecting license server, lmgrd, and the vendor daemon, ibmratl (CVE-2011-1389)
2018-06-17 04:42:49
kaspersky
kaspersky
KLA10163 ACE vulnerability in FlexNet Publishier
2012-01-13 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.135

Percentile

95.7%

JSON
Related for FLEXNET_LICENSE_SERVER_MANAGER_CODE_EXEC.NASL
cve2cvelist2prion2nvd2ibm2kaspersky1