Flexera Software FlexNet Publisher, including all versions prior to 184.108.40.206, lmgrd and custom vendor daemon servers contain a buffer overflow vulnerability that may be leveraged to gain code execution.
Flexera Software FlexNet Publisher is a software license manager that provides licensing models and solutions for software vendors. A buffer overflow vulnerability in a string copying function of lmgrd and custom vendor daemon servers may enable a remote attacker to execute arbitrary code in affected server hosts.
A remote, unauthenticated attacker may be able to execute arbitrary code in affected server hosts.
Apply an update
Note that any vendor that distributes lmgrd or a customized version with their products may be affected. As the CERT/CC becomes aware of specific vendors and products, we will add them to the list below.
Thanks to Matthew Benton, Ryan Wincey, and Richard Kelley for reporting this vulnerability.
|Date First Published:||2016-02-22|
|Date Last Updated:||2016-04-04 16:30 UTC|