Vulnerability Note VU#485744
Flexera Software FlexNet Publisher lmgrd contains a buffer overflow vulnerability
Flexera Software FlexNet Publisher, including all versions prior to 18.104.22.168, lmgrd and custom vendor daemon servers contain a buffer overflow vulnerability that may be leveraged to gain code execution.
Flexera Software FlexNet Publisher is a software license manager that provides licensing models and solutions for software vendors. A buffer overflow vulnerability in a string copying function of lmgrd and custom vendor daemon servers may enable a remote attacker to execute arbitrary code in affected server hosts.
A remote, unauthenticated attacker may be able to execute arbitrary code in affected server hosts.
Apply an update
Vendor Information (Learn More)
Note that any vendor that distributes lmgrd or a customized version with their products may be affected. As the CERT/CC becomes aware of specific vendors and products, we will add them to the list below.
|Vendor||Status||Date Notified||Date Updated|
|Citrix||Affected||-||10 Mar 2016|
|Flexera Software||Affected||-||22 Feb 2016|
CVSS Metrics (Learn More)
Thanks to Matthew Benton, Ryan Wincey, and Richard Kelley for reporting this vulnerability.
This document was written by Joel Land.
- CVE IDs: CVE-2015-8277
- Date Public: 22 Feb 2016
- Date First Published: 22 Feb 2016
- Date Last Updated: 04 Apr 2016
- Document Revision: 26
If you have feedback, comments, or additional information about this vulnerability, please send us email.