Vulnerability Note VU#659515

Wibu-Systems CodeMeter remote denial of service vulnerability

Original Release date: 12 Jan 2012 | Last revised: 16 Jan 2012

Overview

Wibu-Systems CodeMeter contains a remote denial of service vulnerability when receiving specially crafted packets.

Description

Wibu-Systems CodeMeter v4.30c and v4.10b contain a remote denial of service vulnerability when receiving specially crafted packets. Wibu-Systems CodeMeter listens on TCP/22350 for incoming connections. An attacker can send a specially crafted packet causing CodeMeter.exe to crash.

Impact

A remote, unauthenticated attacker could cause the Wibu-Systems CodeMeter application to crash, creating a denial-of-service condition.

Solution

Apply an Update


This vulnerability has been addressed in Wibu-Systems CodeMeter Software v4.40.

Restrict access

Restrict access to the Wibu-Systems CodeMeter network interface to trusted users and networks.

Vendor Information

Vendor                    Status    Date Notified  Date Updated
AccessData                Affected  -              16 Jan 2012
Guidance Software, Inc.   Affected  -              16 Jan 2012
Wibu-Systems              Affected  25 Oct 2011    03 Jan 2012

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

Credit

Thanks to Kuang-Chun Hung of Information and Communication Security Technology Center for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

  • CVE IDs: CVE-2011-4057
  • Date Public: 12 Jan 2012
  • Date First Published: 12 Jan 2012
  • Date Last Updated: 16 Jan 2012
  • Severity Metric: 0.14
  • Document Revision: 26
