Monday, May 14, 2012

FlexNet License Server Manager lmgrd.exe Security Vulnerability

FlexNet License Server Manager version 11.9.1 and others earlier have a bug in lmgrd that can cause a stack overflow.

“The server is affected by a classical stack buffer-overflow in the
function that copies the data received after the header in a buffer
smaller than the needeed bytes. … lmadmin is not affected.” Ref. lmgrd advisory that was made public 13 May 2012 by Luigi Auriemma but found already back in 26 Oct 2010.

Recommendation is to make sure to use the latest lmgrd.exe that comes with FlexNet Version 11.10.1 or at least a version newer than 11.9.1.

Related post: Potential Security Vulnerability in FlexNet license manager

To monitor and report on usage of FlexNet based applications use JTB FlexReport.

No comments:

Post a Comment