FlexNet License Multiple Vulnerabilities

Critical Nessus Plugin ID 58273


The remote Windows host contains a license management application installed that allows execution of arbitrary code.


The version of FlexNet License Manager installed on the remote Windows host is earlier than As such, it is potentially affected by multiple vulnerabilities :

- Multiple problems exist that allow an attacker to

influence the saving and loading of log files on the

server. By utilizing a directory traversal issue and

some file renaming bugs, an attacker can leverage these

vulnerabilities to execute arbitrary code subject to

the user running the affected application.

- A buffer overflow vulnerability exists that coul lead to

arbitrary code execution.


If using IBM Rational License Key Server, apply the vendor-supplied hotfix.

Otherwise, upgrade the FlexNet lmgrd License Server Manager to / 11.10.1 or later.

See Also






Plugin Details

Severity: Critical

ID: 58273

File Name: flexnet_license_server_manager_code_exec.nasl

Version: $Revision: 1.14 $

Type: local

Agent: windows

Family: Windows

Published: 2012/03/07

Modified: 2016/05/20

Dependencies: 10456, 58272

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

Required KB Items: SMB/Flexera FlexNet License Server/Version, SMB/Flexera FlexNet License Server/Path

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/10/14

Vulnerability Publication Date: 2011/08/16

Exploitable With

Metasploit (FlexNet License Server Manager lmgrd Buffer Overflow)

Reference Information

CVE: CVE-2011-1389, CVE-2011-4135

BID: 49191, 52718

OSVDB: 74610, 81899

EDB-ID: 18877