Stack-based buffer overflow in Sentinel License Manager

#VU10368 Stack-based buffer overflow in Sentinel License Manager

Cybersecurity Help s.r.o.

Published: 2018-02-05

Vulnerability identifier: #VU10368

Vulnerability risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12818

CWE-ID: CWE-121

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Sentinel License Manager
Client/Desktop applications / Other client software

Vendor: Gemalto

Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to stack-based buffer overflow when handling malicious input. A remote attacker can supply a specially crafted XML payload with more than supported number of elements, trigger memory corruption and cause the service to crash.

Mitigation
Update to version 7.6.

Vulnerable software versions

Sentinel License Manager: All versions

External links
http://ics-cert.us-cert.gov/advisories/ICSA-18-032-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Siemens Building Technologies Products

Multiple vulnerabilities in Gemalto Sentinel License Manager