Siemens Automation License Manager Buffer Overflow and Denial of Service Vulnerabilities

Bugtraq ID:	50830
Class:	Unknown
CVE:	CVE-2011-4529 CVE-2011-4530 CVE-2011-4531
Remote:	Yes
Local:	No
Published:	Nov 28 2011 12:00AM
Updated:	Jan 04 2012 12:20AM
Credit:	Luigi Auriemma
Vulnerable:	Siemens Automation License Manager 501.1.102.1
Not Vulnerable:

Siemens Automation License Manager Buffer Overflow and Denial of Service Vulnerabilities

Siemens Automation License Manager is prone to a buffer-overflow vulnerability and multiple denial-of-service vulnerabilities.

Remote attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions.

Siemens Automation License Manager 500.0.122.1 is vulnerable; other versions may also be affected.

Siemens Automation License Manager Buffer Overflow and Denial of Service Vulnerabilities

The discoverer has created exploits for these issues. Please see the references for more information.

Siemens Automation License Manager Buffer Overflow and Denial of Service Vulnerabilities

Solution:
The vendor released an update. Please see the references for more information.

Siemens Automation License Manager Buffer Overflow and Denial of Service Vulnerabilities

References:

• ICSA-11-361-01�?? SIEMENS AUTOMATION LICENSE MANAGER MULTIPLE VULNERABILITIES (US-CERT)
  
• Siemens Automation License Manager Page (Siemens)
  
• Vulnerabilities in Siemens Automation License Manager (Luigi Auriemma)
  
• Vulnerabilities in Siemens Automation License Manager (Luigi Auriemma)