Executive Summary

Summary
Title Wibu-Systems CodeMeter remote denial of service vulnerability
Information
Name VU#659515 First vendor Publication 2012-01-12
Vendor VU-CERT Last vendor Modification 2012-01-16
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

CVSS vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
Impact Sub Score NA Temporal Score NA
Exploitability Sub Score NA
 

Security-Database Scoring CVSS v2

CVSS vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Base Score 5 Attack Range Network
CVSS Impact Score 2.9 Attack Complexity Low
CVSS Exploit Score 10 Authentication None Required

Detail

Vulnerability Note VU#659515

Wibu-Systems CodeMeter remote denial of service vulnerability

Overview

Wibu-Systems CodeMeter contains a remote denial of service vulnerability when receiving specially crafted packets.

I. Description

Wibu-Systems CodeMeter v4.30c and v4.10b contain a remote denial of service vulnerability when receiving specially crafted packets. Wibu-Systems CodeMeter listens on TCP/22350 for incoming connections. An attacker can send a specially crafted packet causing CodeMeter.exe to crash.

II. Impact

A remote, unauthenticated attacker could cause the Wibu-Systems CodeMeter application to crash, creating a denial-of-service condition.

III. Solution

Apply an Update

This vulnerability has been addressed in Wibu-Systems CodeMeter Software v4.40.

Restrict access

Restrict access to the Wibu-Systems CodeMeter network interface to trusted users and networks.
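
The two remediation steps above can be checked across an inventory. The following is an added example, not part of the advisory or any vendor tooling: it flags CodeMeter installs that sort below v4.40 and TCP/22350 listeners bound to non-loopback addresses in Windows-style `netstat -an` output. Host names, the inventory layout and the rule that every release below 4.40 counts as unpatched are assumptions.

```python
import ipaddress
import re

FIXED = (4, 40, "")   # v4.40: release the advisory names as fixed
PORT = 22350          # TCP port the advisory says CodeMeter listens on

def parse_version(text):
    """Turn 'v4.30c' or '4.40' into a comparable (major, minor, letter) tuple."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)([a-z]?)", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised CodeMeter version: {text!r}")
    return int(m.group(1)), int(m.group(2)), m.group(3)

def needs_update(version):
    # Assumption: any release that sorts below 4.40 is treated as unpatched.
    return parse_version(version) < FIXED

def offhost_listeners(netstat_text):
    """Return non-loopback local addresses listening on TCP/22350."""
    found = []
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "TCP" or cols[-1] != "LISTENING":
            continue
        host, _, port = cols[1].rpartition(":")
        if port != str(PORT):
            continue
        addr = ipaddress.ip_address(host.strip("[]"))
        if not addr.is_loopback:
            found.append(str(addr))
    return found

def triage(inventory):
    """Map host -> findings; hosts with nothing to do are omitted."""
    report = {}
    for host, (version, netstat_text) in inventory.items():
        findings = []
        if needs_update(version):
            findings.append(f"update {version} to 4.40 or later")
        for addr in offhost_listeners(netstat_text):
            findings.append(f"restrict TCP/{PORT} on {addr}")
        if findings:
            report[host] = findings
    return report

# Constructed sample inventory (hypothetical hosts, not from the advisory).
SAMPLE = {
    "lic-srv-01": ("4.30c", "  TCP    0.0.0.0:22350    0.0.0.0:0    LISTENING\n"),
    "ws-17": ("4.40", "  TCP    127.0.0.1:22350  0.0.0.0:0    LISTENING\n"),
    "ws-22": ("4.40a", "  TCP    [::]:22350       [::]:0       LISTENING\n"),
}
```

A listener bound to a wildcard address is only a prompt to review host and network firewall rules; the binding alone does not show which networks can reach the port.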

Vendor Information

Vendor Status Date Notified Date Updated
AccessData Affected 2012-01-16
Guidance Software, Inc. Affected 2012-01-16
Wibu-Systems Affected 2011-10-25 2012-01-03

References

http://www.wibu.com/en/anwendersoftware.html
http://jvn.jp/en/jp/JVN78901873/index.html

Credit

Thanks to Kuang-Chun Hung of Information and Communication Security Technology Center for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

Date Public: 2012-01-12
Date First Published: 2012-01-12
Date Last Updated: 2012-01-16
CERT Advisory:
CVE-ID(s): CVE-2011-4057
NVD-ID(s): CVE-2011-4057
US-CERT Technical Alerts:
Severity Metric: 0.14
Document Revision: 26

This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify

Original Source

Url : http://www.kb.cert.org/vuls/id/659515

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

CPE : Common Platform Enumeration

Type Description Count
Application 4

OpenVAS Exploits

Date Description
2012-01-19 Name : Wibu-Systems CodeMeter Runtime TCP Packets Denial of Service Vulnerability
File : nvt/gb_wibu_systems_codemeter_tcp_packets_dos_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
78223 CodeMeter TCP Packet Parsing Unspecified Remote DoS

Nessus® Vulnerability Scanner

Date Description
2012-02-02 Name : A web application on the remote host is affected by a denial of service vulne...
File : codemeter_webadmin_4_40.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 12:08:04
  • Multiple Updates