search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Wibu-Systems CodeMeter remote denial of service vulnerability

Vulnerability Note VU#659515

Original Release Date: 2012-01-12 | Last Revised: 2012-01-16

Overview

Wibu-Systems CodeMeter contains a remote denial of service vulnerability when receiving specially crafted packets.

Description

Wibu-Systems CodeMeter v4.30c and v4.10b contain a remote denial of service vulnerability when receiving specially crafted packets. Wibu-Systems CodeMeter listens on TCP/22350 for incoming connections. An attacker can send a specially crafted packet causing CodeMeter.exe to crash.

Impact

A remote, unauthenticated attacker could cause the Wibu-Systems CodeMeter application to crash creating a denial-of-service condition.

Solution

Apply an Update


This vulnerability has been addressed in Wibu-Systems CodeMeter Software v4.40.

Restrict access

Restrict access to the Wibu-Systems CodeMeter network interface to trusted users and networks.

Vendor Information

659515
 
Expand all

AccessData Affected

Updated:  January 16, 2012

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Guidance Software, Inc. Affected

Updated:  January 16, 2012

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Wibu-Systems Affected

Notified:  October 25, 2011 Updated: January 03, 2012

Status

Affected

Vendor Statement

This vulnerability has been addressed in Wibu-Systems CodeMeter Software v4.40.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Kuang-Chun Hung of Information and Communication Security Technology Center for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2011-4057
Severity Metric: 0.14
Date Public: 2012-01-12
Date First Published: 2012-01-12
Date Last Updated: 2012-01-16 14:43 UTC
Document Revision: 27

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis