{"vuid":"VU#485744","idnumber":"485744","name":"Flexera Software FlexNet Publisher lmgrd contains a buffer overflow vulnerability","keywords":["flexera","flexnet","buffer overflow"],"overview":"Flexera Software FlexNet Publisher, including all versions prior to 11.13.1.2, lmgrd and custom vendor daemon servers contain a buffer overflow vulnerability that may be leveraged to gain code execution.","clean_desc":"Flexera Software FlexNet Publisher is a software license manager that provides licensing models and solutions for software vendors. A buffer overflow vulnerability in a string copying function of lmgrd and custom vendor daemon servers may enable a remote attacker to execute arbitrary code in affected server hosts. For more information, refer to the researchers' blog post and advisory.","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code in affected server hosts.","resolution":"Apply an update Software vendors that distribute vulnerable lmgrd or vendor daemon components should obtain FlexNet Publisher 2015 (11.13.1.2) Security Update 1 or later from Flexera Software's Product and License Center. Users of affected software should contact product vendors for update information.","workarounds":"","sysaffected":"Note that any vendor that distributes lmgrd or a customized","thanks":"Thanks to Matthew Benton, Ryan Wincey, and Richard Kelley for reporting this vulnerability.","author":"This document was written by Joel Land.","public":["http://learn.flexerasoftware.com/content/ECM-EVAL-FlexNet-Publisher","https://flexerasoftware.flexnetoperations.com/control/inst/index","http://securitymumblings.blogspot.com/2016/02/cve-2015-8277.html","https://www.securifera.com/advisories/cve-2015-8277"],"cveids":["CVE-2015-8277"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2015-11-06T13:46:16Z","publicdate":"2016-02-22T00:00:00Z","datefirstpublished":"2016-02-22T17:24:36Z","dateupdated":"2016-04-04T16:30:31Z","revision":27,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"10","cvss_basevector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","cvss_temporalscore":"7.8","cvss_environmentalscore":"5.86926702432","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}