[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20160725162741.684B4260B3A@vtweb-hsk-001.localdomain>
Date: Mon, 25 Jul 2016 18:27:41 +0200 (CEST)
From: Secunia Research <remove-vuln@...unia.com>
To: bugtraq@...urityfocus.com
Subject: Secunia Research: Reprise License Manager "akey" Buffer Overflow Vulnerability
======================================================================
Secunia Research 25/07/2016
Reprise License Manager "akey" Buffer Overflow Vulnerability
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Description of Vulnerabilities.......................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9
======================================================================
1) Affected Software
* Reprise License Manager versions 12.0BL2, 12.1BL2, and 12.1BL3.
Other versions may also be affected.
======================================================================
2) Severity
Rating: Moderately critical
Impact: System compromise
Where: From local network
======================================================================
3) Description of Vulnerabilities
Secunia Research have discovered a vulnerability in Reprise
License Manager (RLM), which can be exploited by malicious people to
compromise a vulnerable system.
The vulnerability is caused due to a boundary error when handling the
"akey" POST parameter related to /goform/activate_doit, which can be
exploited to cause a stack-based buffer overflow via a specially
crafted HTTP request.
Successful exploitation of the vulnerability may allow execution of
arbitrary code.
======================================================================
4) Solution
No official solution is currently available.
======================================================================
5) Time Table
01/06/2016 - Initial contact with vendor.
01/06/2016 - Vendor responds with service ticket ID.
02/06/2016 - Details transferred.
02/06/2016 - Vendor confirms reception and informs that the issues
will be fixed in version 12.1.
28/06/2016 - Release of vendor patch.
30/06/2016 - Release of Secunia Advisory SA67000, which includes
one of the vulnerabilities that is confirmed fixed.
01/07/2016 - Contacted the vendor that vulnerability #2 is still
unpatched. An requested an ETA for a fixed release.
01/07/2016 - Vendor disagrees on the existence of the vulnerability
due to the application never to be run with elevated
privileges by design.
01/07/2016 - Replied to the vendor with detailed analysis of the
issue and clarified that as the vulnerability is
remotely exploitable, it is still exploitable even if
the application is run without elevated privileges.
03/07/2016 - Vendor requests a screenshot.
12/07/2016 - Provided the vendor with a video file.
12/07/2016 - Vendor replies that the issue is fixed for the next
release. The vendor notes that the issue is not
considered a security issue, because RLM should never be
run as a privileged user.
13/07/2016 - Clarified to the vendor that the issue is indeed seen
as a security issue and elaborated further on the
reasons. Requested fix date and set release of
the Secunia Advisory SA71200 to 22nd July 2016.
19/07/2016 - The vendor informs us that the issue will be fixed in
the time frame between now and until the end of the
year.
22/07/2016 - Release of Secunia Advisory SA71200.
25/07/2016 - Public disclosure of Research Advisory.
======================================================================
6) Credits
Discovered by Behzad Najjarpour Jabbari, Secunia Research at Flexera
Software.
======================================================================
7) References
Currently no CVE identifier is assigned.
======================================================================
8) About Secunia (now part of Flexera Software)
In September 2015, Secunia has been acquired by Flexera Software:
https://secunia.com/blog/435/
Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:
http://secunia.com/products/
Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.
http://secunia.com/advisories/
Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:
http://secunia.com/secunia_research/
Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:
http://secunia.com/company/jobs/
======================================================================
9) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2016-8/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
Powered by blists - more mailing lists