ID

VAR-201201-0168


CVE

CVE-2011-4057


TITLE

Wibu-Systems CodeMeter remote denial of service vulnerability

Trust: 0.8

sources: CERT/CC: VU#659515

DESCRIPTION

Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350.

CodeMeter Runtime provided by Wibu-Systems AG contains a denial-of-service vulnerability. CodeMeter Runtime provided by Wibu-Systems AG contains an issue when processing TCP packets, which may lead to a denial-of-service (DoS). Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. A remote attacker may be able to cause a denial-of-service (DoS).

The Wibu-Systems CodeMeter dongle provides secure hardware based software and digital content protection and effective license management. Wibu-Systems CodeMeter has problems handling special TCP packets. Wibu-Systems CodeMeter is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users. Wibu-Systems CodeMeter versions prior to 4.40 are affected.

TITLE: CodeMeter Unspecified Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA47497
VERIFY ADVISORY: http://secunia.com/advisories/47497/
RELEASE DATE: 2012-01-12
DESCRIPTION: A vulnerability has been reported in CodeMeter, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error. No further information is currently available.
SOLUTION: Update to version 4.40.
ORIGINAL ADVISORY: JVN: http://jvn.jp/en/jp/JVN78901873/index.html http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000003.html

Trust: 3.42

sources: NVD: CVE-2011-4057 // CERT/CC: VU#659515 // JVNDB: JVNDB-2012-000003 // CNVD: CNVD-2012-0112 // BID: 51382 // IVD: 8204c04d-8a3b-44d1-be27-acd6e2404c70 // PACKETSTORM: 108606

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 8204c04d-8a3b-44d1-be27-acd6e2404c70 // CNVD: CNVD-2012-0112

AFFECTED PRODUCTS

vendor: wibu, model: codemeter runtime, scope: eq, version: 4.20a

Trust: 1.6

vendor: wibu, model: codemeter runtime, scope: eq, version: 4.30c

Trust: 1.6

vendor: wibu, model: codemeter runtime, scope: eq, version: 4.10b

Trust: 1.6

vendor: wibu, model: codemeter runtime, scope: lte, version: 4.30d

Trust: 1.0

vendor: wibu, model: codemeter 4.30c, scope: -, version: -

Trust: 0.9

vendor: wibu, model: codemeter 4.30d, scope: -, version: -

Trust: 0.9

vendor: accessdata, model: -, scope: -, version: -

Trust: 0.8

vendor: guidance, model: -, scope: -, version: -

Trust: 0.8

vendor: wibu, model: -, scope: -, version: -

Trust: 0.8

vendor: wibu, model: codemeter runtime, scope: eq, version: prior to v4.40

Trust: 0.8

vendor: wibu, model: codemeter runtime, scope: eq, version: 4.30d

Trust: 0.6

vendor: wibu, model: codemeter, scope: ne, version: 4.40

Trust: 0.3

vendor: codemeter runtime, model: 4.10b, scope: -, version: -

Trust: 0.2

vendor: codemeter runtime, model: 4.20a, scope: -, version: -

Trust: 0.2

vendor: codemeter runtime, model: 4.30c, scope: -, version: -

Trust: 0.2

vendor: codemeter runtime, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 8204c04d-8a3b-44d1-be27-acd6e2404c70 // CERT/CC: VU#659515 // CNVD: CNVD-2012-0112 // BID: 51382 // JVNDB: JVNDB-2012-000003 // CNNVD: CNNVD-201201-144 // NVD: CVE-2011-4057

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4057
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#659515
value: 0.14

Trust: 0.8

IPA: JVNDB-2012-000003
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201201-144
value: MEDIUM

Trust: 0.6

IVD: 8204c04d-8a3b-44d1-be27-acd6e2404c70
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2011-4057
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2012-000003
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IVD: 8204c04d-8a3b-44d1-be27-acd6e2404c70
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 8204c04d-8a3b-44d1-be27-acd6e2404c70 // CERT/CC: VU#659515 // JVNDB: JVNDB-2012-000003 // CNNVD: CNNVD-201201-144 // NVD: CVE-2011-4057

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.0

sources: NVD: CVE-2011-4057

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201201-144

TYPE

Resource management error

Trust: 0.8

sources: IVD: 8204c04d-8a3b-44d1-be27-acd6e2404c70 // CNNVD: CNNVD-201201-144

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-000003

PATCH

title: Support & Downloads - User Software, url: http://www.wibu.com/downloads-user-software.html

Trust: 0.8

title: Wibu-Systems CodeMeter TCP packet denial of service vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/7391

Trust: 0.6

title: codemeter_4.40.687.500_i386, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42434

Trust: 0.6

title: CmRuntimeUser_4.40.687.500, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42433

Trust: 0.6

title: CodeMeterRuntime32, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42432

Trust: 0.6

title: codemeter_4.40-sol-SPARC.tar, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42435

Trust: 0.6

sources: CNVD: CNVD-2012-0112 // JVNDB: JVNDB-2012-000003 // CNNVD: CNNVD-201201-144

EXTERNAL IDS

db: JVN, id: JVN78901873

Trust: 4.2

db: NVD, id: CVE-2011-4057

Trust: 3.5

db: CERT/CC, id: VU#659515

Trust: 3.2

db: JVNDB, id: JVNDB-2012-000003

Trust: 2.5

db: BID, id: 51382

Trust: 1.9

db: SECUNIA, id: 47497

Trust: 1.9

db: OSVDB, id: 78223

Trust: 1.6

db: CNVD, id: CNVD-2012-0112

Trust: 0.8

db: CNNVD, id: CNNVD-201201-144

Trust: 0.8

db: JVN, id: JVN#78901873

Trust: 0.6

db: NSFOCUS, id: 18465

Trust: 0.6

db: IVD, id: 8204C04D-8A3B-44D1-BE27-ACD6E2404C70

Trust: 0.2

db: PACKETSTORM, id: 108606

Trust: 0.1

sources: IVD: 8204c04d-8a3b-44d1-be27-acd6e2404c70 // CERT/CC: VU#659515 // CNVD: CNVD-2012-0112 // BID: 51382 // JVNDB: JVNDB-2012-000003 // PACKETSTORM: 108606 // CNNVD: CNNVD-201201-144 // NVD: CVE-2011-4057

REFERENCES

url:http://jvn.jp/en/jp/jvn78901873/index.html

Trust: 4.2

url:http://www.kb.cert.org/vuls/id/659515

Trust: 2.4

url:http://www.wibu.com/en/anwendersoftware.html

Trust: 1.6

url:http://www.securityfocus.com/bid/51382

Trust: 1.6

url:http://www.kb.cert.org/vuls/id/mapg-8mynfl

Trust: 1.6

url:http://secunia.com/advisories/47497

Trust: 1.6

url:http://osvdb.org/78223

Trust: 1.6

url:http://jvndb.jvn.jp/ja/contents/2012/jvndb-2012-000003.html

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4057

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4057

Trust: 0.8

url:http://www.nsfocus.net/vulndb/18465

Trust: 0.6

url:http://www.wibu.com/en/codemeter.html

Trust: 0.3

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47497

Trust: 0.1

url:http://secunia.com/advisories/47497/#comments

Trust: 0.1

url:http://secunia.com/company/jobs/

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://jvndb.jvn.jp/en/contents/2012/jvndb-2012-000003.html

Trust: 0.1

url:http://secunia.com/advisories/47497/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CERT/CC: VU#659515 // CNVD: CNVD-2012-0112 // BID: 51382 // JVNDB: JVNDB-2012-000003 // PACKETSTORM: 108606 // CNNVD: CNNVD-201201-144 // NVD: CVE-2011-4057

CREDITS

Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C.

Trust: 0.9

sources: BID: 51382 // CNNVD: CNNVD-201201-144

SOURCES

db: IVD, id: 8204c04d-8a3b-44d1-be27-acd6e2404c70
db: CERT/CC, id: VU#659515
db: CNVD, id: CNVD-2012-0112
db: BID, id: 51382
db: JVNDB, id: JVNDB-2012-000003
db: PACKETSTORM, id: 108606
db: CNNVD, id: CNNVD-201201-144
db: NVD, id: CVE-2011-4057

LAST UPDATE DATE

2024-08-14T14:28:14.455000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#659515, date: 2012-01-16T00:00:00
db: CNVD, id: CNVD-2012-0112, date: 2012-01-13T00:00:00
db: BID, id: 51382, date: 2012-01-11T00:00:00
db: JVNDB, id: JVNDB-2012-000003, date: 2012-01-11T00:00:00
db: CNNVD, id: CNNVD-201201-144, date: 2012-01-16T00:00:00
db: NVD, id: CVE-2011-4057, date: 2012-01-16T05:00:00

SOURCES RELEASE DATE

db: IVD, id: 8204c04d-8a3b-44d1-be27-acd6e2404c70, date: 2012-01-13T00:00:00
db: CERT/CC, id: VU#659515, date: 2012-01-12T00:00:00
db: CNVD, id: CNVD-2012-0112, date: 2012-01-13T00:00:00
db: BID, id: 51382, date: 2012-01-11T00:00:00
db: JVNDB, id: JVNDB-2012-000003, date: 2012-01-11T00:00:00
db: PACKETSTORM, id: 108606, date: 2012-01-12T05:04:03
db: CNNVD, id: CNNVD-201201-144, date: 1900-01-01T00:00:00
db: NVD, id: CVE-2011-4057, date: 2012-01-13T18:55:03.767