Security Bulletin
Summary
A possible security vulnerability has been reported in IBM Rational License Key Server (RLKS).
Vulnerability Details
CVEID: CVE-2015-8277
DESCRIPTION: Flexera Software FlexNet Publisher is vulnerable to a buffer overflow, caused by improper bounds checking by lmgrd. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code in affected server hosts.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110869 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
The following versions of IBM RLKS are affected.
- Rational License Key Server version 8.1.2
- Rational License Key Server version 8.1.3
- Rational License Key Server version 8.1.4
Remediation/Fixes
Upgrade to IBM RLKS version 8.1.4 iFix 05, following the steps below.
- Download 8.1.4 iFix 05 from Fix Central (link: 814 iFix 05 on Fix Central). Choose the fix appropriate for the platform on which the affected RLKS is running.
- Unzip the fix.
- Shut down the license server.
- Stop the RLKS Administration agent if it is running.
- Back up the following files:
  - lmgrd
  - lmtools
  - lmutil
  - ibmratl
- Replace the above files with the copies from the unzipped fix directory.
- Start the license server.
- Start the RLKS Administration agent if it was running before the update.
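The backup and replace steps above can be scripted for a Unix host so that each installed file is checked against the copy in the unzipped fix. This is an added example, not IBM's own tooling; the function names and the three directory arguments are assumptions, and only the four file names come from this bulletin.

```shell
#!/bin/sh
# Added example: back up and replace the RLKS files named in the bulletin,
# then verify each installed file matches the copy from the unzipped fix.
# All directory paths are assumptions supplied by the caller.

RLKS_FILES="lmgrd lmtools lmutil ibmratl"   # file list from the bulletin

sha256_of() {
    # Print the SHA-256 of a file (sha256sum where present, else shasum).
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

apply_rlks_ifix() {
    # $1 = RLKS install dir, $2 = unzipped fix dir, $3 = backup dir
    install_dir=$1; fix_dir=$2; backup_dir=$3
    # Refuse to touch the binaries while the license daemon is still up.
    if command -v pgrep >/dev/null 2>&1 && pgrep -x lmgrd >/dev/null 2>&1; then
        echo "lmgrd is still running; shut down the license server first" >&2
        return 2
    fi
    mkdir -p "$backup_dir" || return 1
    for f in $RLKS_FILES; do
        # Assumption: a platform package may lack some of the listed files.
        [ -f "$fix_dir/$f" ] || { echo "skip $f (not in fix)"; continue; }
        if [ -f "$install_dir/$f" ]; then
            cp -p "$install_dir/$f" "$backup_dir/$f" || return 1
        fi
        cp -p "$fix_dir/$f" "$install_dir/$f" || return 1
        # The installed file must be byte-identical to the fix copy.
        if [ "$(sha256_of "$install_dir/$f")" != "$(sha256_of "$fix_dir/$f")" ]; then
            echo "verify failed for $f" >&2
            return 1
        fi
        echo "replaced $f"
    done
    return 0
}

# Run directly: script.sh <install_dir> <fix_dir> <backup_dir>
if [ $# -eq 3 ]; then
    apply_rlks_ifix "$@"
fi
```

A file that was skipped or failed verification is still the pre-fix binary, so treat any "skip" or "verify failed" line as a host that needs a second look before the license server is started again.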
References
Change History
17 August 2016: Initial Publication
*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the References section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Information
Modified date: 17 June 2018
Initial Publish date: 17 August 2016
UID: swg21987826