Wednesday, February 24, 2016

FlexNet vulnerability in version and earlier

Flexera Software FlexNet Publisher, version and earlier, lmgrd and custom vendor daemon servers contain a buffer overflow vulnerability that may be leveraged to gain code execution. Vulnerability Note VU#485744 on CERT describes “Flexera Software FlexNet Publisher lmgrd contains a buffer overflow vulnerability”.

Users of affected software should contact product vendors for update information.

I checked if Autodesk has released an update but nothing so far. Check with your vendors and contact them if they have not provided an update.

ANSYS does have an update for this.

When there is an update for FlexNet ready from your vendor I foresee no problem to use JTB FlexReport or JTB FlexReport LT with it. Lmutil.exe that is in the JTB FlexReport folder or the folder where JTB FlexReport LT.exe is located could be updated but should not be affected by this vulnerability.

UPDATE March 3, 2016: Autodesk has released and is available here.

Some of the latest blog posts

Subscribe to RSS headline updates from:
Powered by FeedBurner