Sign-up

ID

VAR-201201-0168


CVE

CVE-2011-4057


TITLE

Wibu-Systems CodeMeter remote denial of service vulnerability

Trust: 0.8

sources: CERT/CC: VU#659515

DESCRIPTION

Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350. CodeMeter Runtime provided by Wibu-Systems AG contains a denial-of-service vulnerability. CodeMeter Runtime provided by Wibu-Systems AG contains an issue when processing TCP packets, which may lead to a denial-of-service (DoS). Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote attacker may be able to cause a denial-of-service (DoS). The Wibu-Systems CodeMeter dongle provides secure hardware based software and digital content protection and effective license management. Wibu-Systems CodeMeter has problems handling special TCP packets. Wibu-Systems CodeMeter is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users. Wibu-Systems CodeMeter versions prior to 4.40 are affected. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: CodeMeter Unspecified Denial of Service Vulnerability SECUNIA ADVISORY ID: SA47497 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47497/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47497 RELEASE DATE: 2012-01-12 DISCUSS ADVISORY: http://secunia.com/advisories/47497/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47497/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47497 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CodeMeter, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error. No further information is currently available. SOLUTION: Update to version 4.40. ORIGINAL ADVISORY: JVN: http://jvn.jp/en/jp/JVN78901873/index.html http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000003.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.42

sources: NVD: CVE-2011-4057 // CERT/CC: VU#659515 // JVNDB: JVNDB-2012-000003 // CNVD: CNVD-2012-0112 // BID: 51382 // IVD: 8204c04d-8a3b-44d1-be27-acd6e2404c70 // PACKETSTORM: 108606

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 8204c04d-8a3b-44d1-be27-acd6e2404c70 // CNVD: CNVD-2012-0112

AFFECTED PRODUCTS

vendor:wibumodel:codemeter runtimescope:eqversion:4.20a

Trust: 1.6

vendor:wibumodel:codemeter runtimescope:eqversion:4.30c

Trust: 1.6

vendor:wibumodel:codemeter runtimescope:eqversion:4.10b

Trust: 1.6

vendor:wibumodel:codemeter runtimescope:lteversion:4.30d

Trust: 1.0

vendor:wibumodel:codemeter 4.30cscope: - version: -

Trust: 0.9

vendor:wibumodel:codemeter 4.30dscope: - version: -

Trust: 0.9

vendor:accessdatamodel: - scope: - version: -

Trust: 0.8

vendor:guidancemodel: - scope: - version: -

Trust: 0.8

vendor:wibumodel: - scope: - version: -

Trust: 0.8

vendor:wibumodel:codemeter runtimescope:eqversion:prior to v4.40

Trust: 0.8

vendor:wibumodel:codemeter runtimescope:eqversion:4.30d

Trust: 0.6

vendor:wibumodel:codemeterscope:neversion:4.40

Trust: 0.3

vendor:codemeter runtimemodel:4.10bscope: - version: -

Trust: 0.2

vendor:codemeter runtimemodel:4.20ascope: - version: -

Trust: 0.2

vendor:codemeter runtimemodel:4.30cscope: - version: -

Trust: 0.2

vendor:codemeter runtimemodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 8204c04d-8a3b-44d1-be27-acd6e2404c70 // CERT/CC: VU#659515 // CNVD: CNVD-2012-0112 // BID: 51382 // JVNDB: JVNDB-2012-000003 // CNNVD: CNNVD-201201-144 // NVD: CVE-2011-4057

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4057
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#659515
value: 0.14

Trust: 0.8

IPA: JVNDB-2012-000003
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201201-144
value: MEDIUM

Trust: 0.6

IVD: 8204c04d-8a3b-44d1-be27-acd6e2404c70
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2011-4057
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2012-000003
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IVD: 8204c04d-8a3b-44d1-be27-acd6e2404c70
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 8204c04d-8a3b-44d1-be27-acd6e2404c70 // CERT/CC: VU#659515 // JVNDB: JVNDB-2012-000003 // CNNVD: CNNVD-201201-144 // NVD: CVE-2011-4057

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.0

sources: NVD: CVE-2011-4057

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201201-144

TYPE

Resource management error

Trust: 0.8

sources: IVD: 8204c04d-8a3b-44d1-be27-acd6e2404c70 // CNNVD: CNNVD-201201-144

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-000003

PATCH
title:Support & Downloads - User Softwareurl:http://www.wibu.com/downloads-user-software.html
Trust: 0.8
title:Wibu-Systems CodeMeter TCP packet denial of service vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/7391
Trust: 0.6
title:codemeter_4.40.687.500_i386url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42434
Trust: 0.6
title:CmRuntimeUser_4.40.687.500url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42433
Trust: 0.6
title:CodeMeterRuntime32url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42432
Trust: 0.6
title:codemeter_4.40-sol-SPARC.tarurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42435
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2012-0112 // 
            
            
            
            JVNDB: JVNDB-2012-000003 // 
            
            
            
            CNNVD: CNNVD-201201-144

EXTERNAL IDS
db:JVNid:JVN78901873
Trust: 4.2
db:NVDid:CVE-2011-4057
Trust: 3.5
db:CERT/CCid:VU#659515
Trust: 3.2
db:JVNDBid:JVNDB-2012-000003
Trust: 2.5
db:BIDid:51382
Trust: 1.9
db:SECUNIAid:47497
Trust: 1.9
db:OSVDBid:78223
Trust: 1.6
db:CNVDid:CNVD-2012-0112
Trust: 0.8
db:CNNVDid:CNNVD-201201-144
Trust: 0.8
db:JVNid:JVN#78901873
Trust: 0.6
db:NSFOCUSid:18465
Trust: 0.6
db:IVDid:8204C04D-8A3B-44D1-BE27-ACD6E2404C70
Trust: 0.2
db:PACKETSTORMid:108606
Trust: 0.1
sources:
            
            
            IVD: 8204c04d-8a3b-44d1-be27-acd6e2404c70 // 
            
            
            
            CERT/CC: VU#659515 // 
            
            
            
            CNVD: CNVD-2012-0112 // 
            
            
            
            BID: 51382 // 
            
            
            
            JVNDB: JVNDB-2012-000003 // 
            
            
            
            PACKETSTORM: 108606 // 
            
            
            
            CNNVD: CNNVD-201201-144 // 
            
            
            
            NVD: CVE-2011-4057

REFERENCES
url:http://jvn.jp/en/jp/jvn78901873/index.html
Trust: 4.2
url:http://www.kb.cert.org/vuls/id/659515
Trust: 2.4
url:http://www.wibu.com/en/anwendersoftware.html
Trust: 1.6
url:http://www.securityfocus.com/bid/51382
Trust: 1.6
url:http://www.kb.cert.org/vuls/id/mapg-8mynfl
Trust: 1.6
url:http://secunia.com/advisories/47497
Trust: 1.6
url:http://osvdb.org/78223
Trust: 1.6
url:http://jvndb.jvn.jp/ja/contents/2012/jvndb-2012-000003.html
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4057
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4057
Trust: 0.8
url:http://www.nsfocus.net/vulndb/18465
Trust: 0.6
url:http://www.wibu.com/en/codemeter.html
Trust: 0.3
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47497
Trust: 0.1
url:http://secunia.com/advisories/47497/#comments
Trust: 0.1
url:http://secunia.com/company/jobs/
Trust: 0.1
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://jvndb.jvn.jp/en/contents/2012/jvndb-2012-000003.html
Trust: 0.1
url:http://secunia.com/advisories/47497/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CERT/CC: VU#659515 // 
            
            
            
            CNVD: CNVD-2012-0112 // 
            
            
            
            BID: 51382 // 
            
            
            
            JVNDB: JVNDB-2012-000003 // 
            
            
            
            PACKETSTORM: 108606 // 
            
            
            
            CNNVD: CNNVD-201201-144 // 
            
            
            
            NVD: CVE-2011-4057

CREDITS
Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C.
Trust: 0.9
sources:
            
            
            BID: 51382 // 
            
            
            
            CNNVD: CNNVD-201201-144

SOURCES
db:IVDid:8204c04d-8a3b-44d1-be27-acd6e2404c70
db:CERT/CCid:VU#659515
db:CNVDid:CNVD-2012-0112
db:BIDid:51382
db:JVNDBid:JVNDB-2012-000003
db:PACKETSTORMid:108606
db:CNNVDid:CNNVD-201201-144
db:NVDid:CVE-2011-4057

LAST UPDATE DATE
2024-08-14T14:28:14.455000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#659515date:2012-01-16T00:00:00
db:CNVDid:CNVD-2012-0112date:2012-01-13T00:00:00
db:BIDid:51382date:2012-01-11T00:00:00
db:JVNDBid:JVNDB-2012-000003date:2012-01-11T00:00:00
db:CNNVDid:CNNVD-201201-144date:2012-01-16T00:00:00
db:NVDid:CVE-2011-4057date:2012-01-16T05:00:00

SOURCES RELEASE DATE
db:IVDid:8204c04d-8a3b-44d1-be27-acd6e2404c70date:2012-01-13T00:00:00
db:CERT/CCid:VU#659515date:2012-01-12T00:00:00
db:CNVDid:CNVD-2012-0112date:2012-01-13T00:00:00
db:BIDid:51382date:2012-01-11T00:00:00
db:JVNDBid:JVNDB-2012-000003date:2012-01-11T00:00:00
db:PACKETSTORMid:108606date:2012-01-12T05:04:03
db:CNNVDid:CNNVD-201201-144date:1900-01-01T00:00:00
db:NVDid:CVE-2011-4057date:2012-01-13T18:55:03.767