======================================================================

                    Secunia Research 25/07/2016

   Reprise License Manager "actserver" Buffer Overflow Vulnerability

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerabilities.......................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

======================================================================
1) Affected Software

* Reprise License Manager version 12.0BL2.

Other versions may also be affected.

======================================================================
2) Severity

Rating: Moderately critical
Impact: System compromise
Where:  From local network

======================================================================
3) Description of Vulnerabilities

Secunia Research have discovered a vulnerability in Reprise License
Manager (RLM), which can be exploited by malicious people to
compromise a vulnerable system.

The vulnerability is caused due to a boundary error when handling the
"actserver" POST parameter related to /goform/activate_doit, which can
be exploited to cause a stack-based buffer overflow via a specially
crafted HTTP request.

Successful exploitation of the vulnerability may allow execution of
arbitrary code.

======================================================================
4) Solution

Update to version 12.1BL2 if available for the supported platforms.
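
Added example, not Reprise's code and not part of the Secunia
advisory: a bounds-checked way to extract and URL-decode a form
parameter such as "actserver" into a fixed-size buffer, rejecting
oversized input instead of writing past the end of the stack buffer.
The function name, return codes and the 64-byte limit are assumptions;
the advisory does not publish the actual handler or buffer size.

```c
#include <ctype.h>
#include <string.h>

#define ACTSERVER_MAX 64 /* assumed limit; the real buffer size is not published */
enum { PARAM_OK = 0, PARAM_MISSING = -1, PARAM_TOO_LONG = -2, PARAM_BAD_ENCODING = -3 };

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Copy the URL-decoded value of `name` from a form body into out[outsz].
 * Every write is bounds-checked; oversized input is rejected, not truncated. */
int get_form_param(const char *body, const char *name, char *out, size_t outsz) {
    size_t nlen = strlen(name), n = 0;
    const char *p = body;
    if (outsz == 0) return PARAM_TOO_LONG;
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            for (p += nlen + 1; *p && *p != '&'; p++) {
                int c = (unsigned char)*p;
                if (c == '+') c = ' ';
                else if (c == '%') {
                    int hi = hexval((unsigned char)p[1]);
                    int lo = hi < 0 ? -1 : hexval((unsigned char)p[2]);
                    if (lo < 0) return PARAM_BAD_ENCODING; /* short or non-hex escape */
                    c = hi * 16 + lo;
                    p += 2;
                }
                if (c == 0) return PARAM_BAD_ENCODING;     /* embedded NUL */
                if (n + 1 >= outsz) return PARAM_TOO_LONG; /* keep room for '\0' */
                out[n++] = (char)c;
            }
            out[n] = '\0';
            return PARAM_OK;
        }
        if ((p = strchr(p, '&')) != NULL) p++; /* advance to the next name=value pair */
    }
    return PARAM_MISSING;
}

int main(void) {
    char v[ACTSERVER_MAX]; /* constructed sample body below */
    int rc = get_form_param("x=1&actserver=lic.example.com", "actserver", v, sizeof v);
    return rc == PARAM_OK ? 0 : 1;
}
```

The length check runs on the decoded value, so percent-encoded input
cannot slip past a limit applied to the raw request body.
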

======================================================================
5) Time Table

01/06/2016 - Initial contact with vendor.
01/06/2016 - Vendor responds with service ticket ID.
02/06/2016 - Details transferred.
02/06/2016 - Vendor confirms reception and informs that the issues
             will be fixed in version 12.1.
28/06/2016 - Release of vendor patch.
30/06/2016 - Release of Secunia Advisory SA67000, which includes one
             of the vulnerabilities that is confirmed fixed.
25/07/2016 - Public disclosure of Research Advisory.

======================================================================
6) Credits

Discovered by Behzad Najjarpour Jabbari, Secunia Research at Flexera
Software.

======================================================================
7) References

Currently no CVE identifier is assigned.

======================================================================
8) About Secunia (now part of Flexera Software)

In September 2015, Secunia was acquired by Flexera Software:

https://secunia.com/blog/435/

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/products/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members.
Check the URL below to see currently vacant positions:

http://secunia.com/company/jobs/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2016-7/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================