CERT Coordination Center

Wibu-Systems CodeMeter remote denial of service vulnerability

Vulnerability Note VU#659515

Original Release Date: 2012-01-12 | Last Revised: 2012-01-16

Overview

Wibu-Systems CodeMeter contains a remote denial of service vulnerability when receiving specially crafted packets.

Description

Wibu-Systems CodeMeter v4.30c and v4.10b contain a remote denial of service vulnerability when receiving specially crafted packets. Wibu-Systems CodeMeter listens on TCP/22350 for incoming connections. An attacker can send a specially crafted packet causing CodeMeter.exe to crash.

Impact

A remote, unauthenticated attacker could cause the Wibu-Systems CodeMeter application to crash, creating a denial-of-service condition.

Solution

Apply an Update


This vulnerability has been addressed in Wibu-Systems CodeMeter Software v4.40.

Restrict access

Restrict access to the Wibu-Systems CodeMeter network interface to trusted users and networks.
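
The following is an added example, not part of the original note or of any Wibu-Systems tooling. It shows one way to check the "Restrict access" mitigation on a Windows host: it parses `netstat -ano -p TCP` output and reports TCP/22350 listeners bound to non-loopback addresses, plus connected peers outside a trusted network list. The netstat sample and the trusted network 192.168.10.0/24 are constructed assumptions.

```python
import ipaddress

CODEMETER_PORT = 22350  # TCP port named in the vulnerability note

# Constructed sample of `netstat -ano -p TCP` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    0.0.0.0:22350          0.0.0.0:0              LISTENING       1844
  TCP    192.168.10.5:22350     192.168.10.23:50112    ESTABLISHED     1844
  TCP    192.168.10.5:22350     203.0.113.77:41877     ESTABLISHED     1844
  TCP    192.168.10.5:49731     192.168.10.9:22350     ESTABLISHED     2210
"""


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (ip_address, port)."""
    addr, _, port = endpoint.rpartition(":")
    addr = addr.strip("[]").split("%")[0]  # drop brackets and any zone id
    return ipaddress.ip_address(addr), int(port)


def audit_codemeter_exposure(netstat_text, trusted_networks):
    """Return (exposed_listeners, untrusted_peers) for the local TCP/22350 service."""
    trusted = [ipaddress.ip_network(n) for n in trusted_networks]
    listeners, peers = [], []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue  # header or non-TCP line
        local_ip, local_port = split_endpoint(fields[1])
        if local_port != CODEMETER_PORT:
            continue  # only the local CodeMeter service port matters here
        state = fields[3]
        if state == "LISTENING" and not local_ip.is_loopback:
            listeners.append(str(local_ip))  # reachable from the network
        elif state == "ESTABLISHED":
            remote_ip, _ = split_endpoint(fields[2])
            if not any(remote_ip in net for net in trusted):
                peers.append(str(remote_ip))  # peer outside the allowlist
    return listeners, peers


if __name__ == "__main__":
    exposed, untrusted = audit_codemeter_exposure(SAMPLE_NETSTAT, ["192.168.10.0/24"])
    print("non-loopback listeners on TCP/22350:", exposed)
    print("peers outside trusted networks:", untrusted)
```

A non-empty listener list only means the port is bound to a network-facing address; whether it is actually reachable still depends on the host and network firewall rules in front of it.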

Vendor Information


AccessData

Updated:  January 16, 2012

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Guidance Software, Inc.

Updated:  January 16, 2012

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Wibu-Systems

Notified:  October 25, 2011 Updated:  January 03, 2012

Status

  Affected

Vendor Statement

This vulnerability has been addressed in Wibu-Systems CodeMeter Software v4.40.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


CVSS Metrics

Group          Score  Vector
Base           N/A    N/A
Temporal       N/A    N/A
Environmental  N/A

Acknowledgements

Thanks to Kuang-Chun Hung of Information and Communication Security Technology Center for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2011-4057
Severity Metric: 0.14
Date Public: 2012-01-12
Date First Published: 2012-01-12
Date Last Updated: 2012-01-16 14:43 UTC
Document Revision: 26

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.