Vulnerability Note VU#659515

Wibu-Systems CodeMeter remote denial of service vulnerability

Overview

Wibu-Systems CodeMeter contains a remote denial of service vulnerability when receiving specially crafted packets.

I. Description

Wibu-Systems CodeMeter v4.30c and v4.10b contain a remote denial of service vulnerability when receiving specially crafted packets. Wibu-Systems CodeMeter listens on TCP/22350 for incoming connections. An attacker can send a specially crafted packet causing CodeMeter.exe to crash.

II. Impact

A remote, unauthenticated attacker could cause the Wibu-Systems CodeMeter application to crash creating a denial-of-service condition.

III. Solution

Apply an Update

This vulnerability has been addressed in Wibu-Systems CodeMeter Software v4.40.
Restrict access

Restrict access to the Wibu-Systems CodeMeter network interface to trusted users and networks.

Vendor Information

Vendor	Status	Date Notified	Date Updated
AccessData	Affected		2012-01-16
Guidance Software, Inc.	Affected		2012-01-16
Wibu-Systems	Affected	2011-10-25	2012-01-03

References

http://www.wibu.com/en/anwendersoftware.html
http://jvn.jp/en/jp/JVN78901873/index.html

Credit

Thanks to Kuang-Chun Hung of Information and Communication Security Technology Center for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

Date Public:	2012-01-12
Date First Published:	2012-01-12
Date Last Updated:	2012-01-16
CERT Advisory:
CVE-ID(s):	CVE-2011-4057
NVD-ID(s):	CVE-2011-4057
US-CERT Technical Alerts:
Severity Metric:	0.14
Document Revision:	26

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2012 by US-CERT, a government organization
Disclaimers and copyright information Get a PDF Reader