Troubleshooting
Problem
A possible security vulnerability has been reported in the FlexNet Publisher lmgrd license server managers as well as vendor daemons.There have been no reported exploits of this possible vulnerability and to date it has not been reported by FlexNetSoftware users. This possible vulnerability impacts: IBM Rational License Key Server 8.1.2 IBM Rational License Key Server 8.1.1 IBM Rational License Key Server 8.0 Rational License Server v7.x Telelogic License Server 2.0
Resolving The Problem
Mitigation
Users can virtually eliminate this potential risk by running lmgrd and vendor daemon (ibmratl). In addition, the following best practices are recommended by IBM.
License Administrator Best Practices for Mitigating Risk Exposure
The following steps are recommended as License Administrator best practices to help protect against potential security vulnerabilities:
1. Limit access to administrative users only by running the license server manager (lmgrd) in a restrictive mode. Use the '-2 –p' command-line option on lmgrd is the recommended settings unless you are using FlexNet Manager for Engineering Applications.
2. Utilize the recommended security settings offered by the Operating System (OS) vendors that resist the buffer/stack overflow attacks. For example, the Data Execution Prevention (DEP) feature on Windows helps in this regard. Most OS updates also include security features that take advantage of both hardware and software based protection mechanisms against malicious code execution.
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21573825