search menu icon-carat-right cmu-wordmark

CERT Coordination Center


Wibu-Systems CodeMeter remote denial of service vulnerability

Vulnerability Note VU#659515

Original Release Date: 2012-01-12 | Last Revised: 2012-01-16

Overview

Wibu-Systems CodeMeter contains a remote denial of service vulnerability when receiving specially crafted packets.

Description

Wibu-Systems CodeMeter v4.30c and v4.10b contain a remote denial of service vulnerability when receiving specially crafted packets. Wibu-Systems CodeMeter listens on TCP/22350 for incoming connections. An attacker can send a specially crafted packet causing CodeMeter.exe to crash.

Impact

A remote, unauthenticated attacker could cause the Wibu-Systems CodeMeter application to crash creating a denial-of-service condition.

Solution

Apply an Update


This vulnerability has been addressed in Wibu-Systems CodeMeter Software v4.40.

Restrict access

Restrict access to the Wibu-Systems CodeMeter network interface to trusted users and networks.

Vendor Information

659515
Expand all

AccessData

Updated:  January 16, 2012

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Guidance Software, Inc.

Updated:  January 16, 2012

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Wibu-Systems

Notified:  October 25, 2011 Updated:  January 03, 2012

Status

  Affected

Vendor Statement

This vulnerability has been addressed in Wibu-Systems CodeMeter Software v4.40.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://www.wibu.com/en/anwendersoftware.html

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

Thanks to Kuang-Chun Hung of Information and Communication Security Technology Center for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2011-4057
Severity Metric: 0.14
Date Public: 2012-01-12
Date First Published: 2012-01-12
Date Last Updated: 2012-01-16 14:43 UTC
Document Revision: 26

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.