Security Bulletin: Rational License Key Server vulnerability affecting license server, lmgrd, and the vendor daemon, ibmratl (CVE-2011-1389)

Published: 2018-06-17 04:42:49
Source: www.ibm.com

EPSS: 0.135 (Low), percentile 95.6%

Summary

A security vulnerability has been reported in the FlexNet Publisher lmgrd license server manager and in vendor daemons built on it. No exploits have been reported, and to date the issue has not been reported by FlexNet software users.

Vulnerability Details

CVE ID: CVE-2011-1389

Description: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of FlexNet Publisher license server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the license server manager which listens on TCP port 27000. There are multiple problems that allow an attacker to influence the saving and loading of log files on the server. By utilizing a directory traversal issue and some file renaming bugs, an attacker can leverage this vulnerability to execute arbitrary code under the user context running the license server manager/vendor daemon.

CVSS Base Score: 10
CVSS Temporal Score: see https://exchange.xforce.ibmcloud.com/vulnerabilities/71739 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

Note that the vector string as published (medium access complexity, single authentication required, partial integrity impact only) evaluates to a CVSSv2 base score of about 3.5, not 10, and contradicts the description above, which is unauthenticated remote code execution. The description and the base score of 10 are consistent with each other, so the vector string appears to be a transcription error; check the X-Force entry for the authoritative values before using it in your own risk scoring.
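The description names the bug class (a network-controlled log file name that escapes the intended directory) but the bulletin carries no code. The following is an added illustration of that class, not FlexNet Publisher or IBM RLKS code: the vulnerable pattern, where a client-supplied log file name is joined to the server's log directory as-is, next to a hardened version that canonicalises the path and refuses anything that resolves outside the log directory. The sample request strings, the log directory and the function names are constructed for the example (the real lmgrd protocol is binary).

```python
"""Illustration of the bug class behind CVE-2011-1389: a client-controlled log
file name joined to the server's log directory without canonicalisation.
This is added example code, not FlexNet Publisher or IBM RLKS code. The
request strings, the log directory and the function names are assumptions."""
import os
import tempfile

# Constructed sample "requests": the file name a client asks the server to
# write its log to. The real lmgrd protocol is binary; these are made up.
SAMPLE_REQUESTS = [
    "server.log",
    "debug/lmgrd.log",
    "../../etc/cron.d/evil",
    "..\\..\\windows\\system32\\evil.dll",
    "/etc/passwd",
    "ok/../../../tmp/x",
]


def unsafe_log_path(log_dir: str, requested: str) -> str:
    """The vulnerable pattern: trust the client-supplied name.
    '..' segments walk out of log_dir, and os.path.join drops log_dir
    entirely when the name is absolute."""
    return os.path.normpath(os.path.join(log_dir, requested))


def safe_log_path(log_dir: str, requested: str) -> str:
    """Hardened version: canonicalise (symlinks included) and require the
    result to stay inside the canonical log directory. Backslashes and NUL
    are rejected outright so a Windows-style separator cannot slip past a
    POSIX-only check."""
    if not requested or "\\" in requested or "\x00" in requested:
        raise ValueError(f"invalid log file name: {requested!r}")
    base = os.path.realpath(log_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"log path escapes log directory: {requested!r}")
    return candidate


def is_safe_log_name(log_dir: str, requested: str) -> bool:
    """True if the hardened check would accept the requested name."""
    try:
        safe_log_path(log_dir, requested)
        return True
    except ValueError:
        return False


def triage(log_dir: str, requests=SAMPLE_REQUESTS):
    """(request, path the unsafe code would use, path the safe code allows or
    None) for each request, for a side-by-side comparison."""
    return [
        (req, unsafe_log_path(log_dir, req),
         safe_log_path(log_dir, req) if is_safe_log_name(log_dir, req) else None)
        for req in requests
    ]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as log_dir:
        os.mkdir(os.path.join(log_dir, "debug"))
        for req, unsafe, safe in triage(log_dir):
            print(f"{req!r:42} unsafe -> {unsafe}\n{'':42} safe   -> {safe}")
```

Run it and the unsafe column shows where each request would land (for example `../../etc/cron.d/evil` becomes a file two levels above the log directory, and `/etc/passwd` replaces the log directory outright), while the safe column is None for every traversal attempt. The description also mentions file renaming bugs; a path check like this covers only the traversal step, so it is a pattern to look for in your own network services, not a substitute for the iFix.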

Affected Products and Versions

This vulnerability impacts the following license server:

  • IBM Rational License Key Server (RLKS) 8.1.3
  • IBM Rational License Key Server 8.1.2
  • IBM Rational License Key Server 8.1.1
  • IBM Rational License Key Server 8.0
  • Rational License Server v7.x
  • Telelogic License Server 2.0

The list of platforms affected by this vulnerability is as follows.

  • AIX 5.1
  • AIX 5.2.*
  • AIX 5.3.*
  • AIX 6.1.*
  • AIX 7.1.*
  • HP-UX 11.0 PA-RISC
  • HP-UX 11i v1 PA-RISC
  • HP-UX 11i v2 IA64
  • HP-UX 11i v2 PA-RISC
  • Red Hat Enterprise Linux 3
  • Red Hat Enterprise Linux 4
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • SUSE Linux Enterprise Server 11
  • SUSE Linux Enterprise Server 10
  • SUSE Linux Enterprise Server 9
  • Solaris 10 SPARC
  • Solaris 8 x86-32
  • Solaris 9 x86-32
  • Windows 2000 SP4 Advanced Server/Server/Professional
  • Windows Server 2003 SP2 Enterprise/Standard x86-32
  • Windows Server 2003 SP2 Enterprise/Standard x86-64
  • Windows XP SP2 Professional x86-32
  • Windows Server 2008 Enterprise/Standard x86-32
  • Windows Server 2008 Enterprise/Standard x86-64
  • Windows Server 2008 R2 Enterprise x86-32
  • Windows Server 2008 R2 Enterprise x86-64
  • Windows Vista Business/Enterprise/Ultimate SP2 x86-32
  • Windows 7 Enterprise/Professional/Ultimate x86-32
  • Windows 7 Enterprise/Professional/Ultimate x86-64

Note: Not all versions of the License Server run on all of the platforms listed above.

Remediation/Fixes

The recommended solution is to apply the iFixes provided by IBM as outlined here.

Vendor Fix(es):

For IBM RLKS 8.1.3, 8.1.2 or RLKS 8.1.1 Users

An iFix is available to address this vulnerability. For more information, see the link RLKS 8.1.3 iFixes Download Link to download the fixes and the installation instructions.

How to install the iFixes

To install the Rational License Key Server fix on Windows platforms:

  1. Download the Windows iFix.zip file.

  2. Extract the compressed files to an appropriate directory.

  3. Add the fix pack repository location in Installation Manager as follows:
    1. Launch IBM Installation Manager.
    2. Click **File > Preferences > Repositories**.
    3. Click Add Repository.
    4. Browse to or enter the file path to the repository.config file.
    The repository.config file is located in the "ifix" sub-directory where you extracted the compressed files.

  4. Stop the Rational License Key Server before installing the iFix. Ensure the following processes are not running:

  • lmgrd

  • lmutil

  • lmtools

  • ibmratl

  5. On the main page of Installation Manager, click Update.

  6. Follow the instructions to install the Fix Pack.

  7. Start the Rational License Key Server.


To install the Rational License Key Server fix on UNIX and Linux platforms:

  1. Download the iFix.tar file.

  2. Extract the iFix.tar: tar -xvf <iFix>.tar

  3. Go to the installation location of the license server.

  4. Navigate to the config sub-folder.

  5. Run the start_lmgrd_on_this_host script with the stop option: ./start_lmgrd_on_this_host stop

  6. The license server stops. To verify, run: ps -ef | grep lmgrd

  7. Navigate to the sub-directory <installation_directory>/base/cots/flexlm.11.8/<Platform>

  8. Overwrite the files in this directory with all the files from the iFix.

  9. Go to the <installation_directory>/config/ directory.

  10. Start the license server: ./start_lmgrd_on_this_host start

On UNIX and Linux platforms these manual steps apply to RLKS 8.1.1 and 8.1.2. To install the iFix on RLKS 8.1.3 on UNIX and Linux, use Installation Manager and follow the steps given above for Windows platforms.
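The UNIX and Linux procedure above is a stop, overwrite, start sequence with one `ps -ef | grep lmgrd` check in the middle. The script below is an added example that carries out that sequence, not IBM's installer, and adds the two things a practitioner would want before overwriting daemon binaries: it refuses to proceed while an lmgrd or ibmratl process is still running (parsing `ps -ef` by executable name, so the grep does not match itself), and it saves a copy of every file it replaces so the change can be rolled back. The directory layout follows the bulletin; the platform sub-directory name (`linux`), the install path in the constructed `ps` output, and the ibmratl command line are assumptions. It assumes the iFix tar has been extracted into a directory containing the replacement files.

```python
"""Apply an RLKS iFix on UNIX/Linux as the bulletin describes (stop lmgrd,
overwrite the flexlm platform directory, restart), plus two safeguards: back up
every file before overwriting it, and refuse to proceed while lmgrd or ibmratl
is still running. Added example, not IBM's installer. The /opt install path in
the sample ps output and the ibmratl arguments are made up."""
import os
import shutil
import subprocess
import sys
import tempfile
import time

SERVER_PROCESSES = ("lmgrd", "ibmratl")  # daemons named in the bulletin

# Constructed `ps -ef` output used to exercise the parser (paths are made up).
PS_SAMPLE = """\
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 Jan01 ?        00:00:03 /sbin/init
rlks      2210     1  0 09:12 ?        00:00:00 /opt/IBM/RLKS/base/cots/flexlm.11.8/linux/lmgrd -c /opt/IBM/RLKS/config/license.dat
rlks      2214  2210  0 09:12 ?        00:00:00 ibmratl -T host 11.8 3 -c /opt/IBM/RLKS/config/license.dat
user      3001  2999  0 09:13 pts/0    00:00:00 grep lmgrd
"""


def running_server_processes(ps_output: str, names=SERVER_PROCESSES):
    """Return the CMD column of every `ps -ef` row whose executable is one of
    `names`. Unlike `ps -ef | grep lmgrd`, the grep itself is not a hit."""
    hits = []
    for line in ps_output.splitlines()[1:]:      # skip the header row
        parts = line.split(None, 7)              # UID PID PPID C STIME TTY TIME CMD
        if len(parts) == 8:
            exe = os.path.basename(parts[7].split()[0])
            if exe in names:
                hits.append(parts[7])
    return hits


def server_is_stopped() -> bool:
    out = subprocess.run(["ps", "-ef"], capture_output=True, text=True, check=True).stdout
    return not running_server_processes(out)


def control_server(install_dir: str, action: str) -> None:
    """Run <install_dir>/config/start_lmgrd_on_this_host start|stop."""
    script = os.path.join(install_dir, "config", "start_lmgrd_on_this_host")
    subprocess.run([script, action], check=True)


def apply_ifix(install_dir, platform, ifix_dir, backup_root):
    """Copy every file under ifix_dir over <install_dir>/base/cots/flexlm.11.8/<platform>,
    saving a copy of each file it replaces. Returns (backup_dir, overwritten, added)."""
    target = os.path.join(install_dir, "base", "cots", "flexlm.11.8", platform)
    if not os.path.isdir(target):
        raise FileNotFoundError(f"flexlm platform directory missing: {target}")
    backup = os.path.join(backup_root, f"flexlm.11.8-{platform}-{int(time.time())}")
    os.makedirs(backup)
    overwritten, added = [], []
    for root, _dirs, files in os.walk(ifix_dir):
        for name in files:
            rel = os.path.relpath(os.path.join(root, name), ifix_dir)
            dst = os.path.join(target, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            if os.path.exists(dst):
                bak = os.path.join(backup, rel)
                os.makedirs(os.path.dirname(bak), exist_ok=True)
                shutil.copy2(dst, bak)
                overwritten.append(rel)
            else:
                added.append(rel)
            shutil.copy2(os.path.join(root, name), dst)
    return backup, sorted(overwritten), sorted(added)


def patch_server(install_dir, platform, ifix_dir, backup_root):
    """The full procedure: stop, wait until the daemons are gone, patch, start."""
    control_server(install_dir, "stop")
    for _ in range(30):
        if server_is_stopped():
            break
        time.sleep(1)
    else:
        sys.exit("lmgrd/ibmratl still running; refusing to overwrite binaries")
    backup, overwritten, added = apply_ifix(install_dir, platform, ifix_dir, backup_root)
    print(f"backup: {backup}\noverwritten: {overwritten}\nadded: {added}")
    control_server(install_dir, "start")


def demo():
    """Dry run of apply_ifix on a throwaway tree: one binary is replaced and
    backed up, one new file is added. Returns (overwritten, added, ok)."""
    with tempfile.TemporaryDirectory() as tmp:
        install, ifix = os.path.join(tmp, "rlks"), os.path.join(tmp, "ifix")
        target = os.path.join(install, "base", "cots", "flexlm.11.8", "linux")
        os.makedirs(target)
        os.makedirs(ifix)
        with open(os.path.join(target, "lmgrd"), "w") as f:
            f.write("old lmgrd")
        with open(os.path.join(ifix, "lmgrd"), "w") as f:
            f.write("fixed lmgrd")
        with open(os.path.join(ifix, "ibmratl"), "w") as f:
            f.write("fixed ibmratl")
        backup, overwritten, added = apply_ifix(install, "linux", ifix, tmp)
        with open(os.path.join(backup, "lmgrd")) as f:
            backup_ok = f.read() == "old lmgrd"
        with open(os.path.join(target, "lmgrd")) as f:
            patched_ok = f.read() == "fixed lmgrd"
        return overwritten, added, backup_ok and patched_ok


if __name__ == "__main__":
    if len(sys.argv) == 5:
        patch_server(*sys.argv[1:])   # install_dir platform ifix_dir backup_root
    else:
        print(demo())
```

Run with no arguments it performs the dry run on a temporary tree; with four arguments it runs the real procedure as the account that owns the license server. If the daemons have not exited after thirty seconds it stops without touching the binaries, since overwriting a running lmgrd is the one mistake the bulletin's step 6 is there to prevent.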

For IBM RLS 8.x, RLS 7.x and IBM Telelogic License Server 2.0 Users

There are no plans to release fixes for Rational License Server v8.x, v7.x or Telelogic License Server 2.0. IBM recommends that all customers using these versions of the license server migrate to IBM Rational License Key Server 8.1.3 and then apply the iFix for the vulnerability described in this technote to that 8.1.3 installation.

See the topic Migrate to Rational Common Licensing for instructions on migrating to RLKS 8.1.3.

You can download RLKS 8.1.3 from your Passport Advantage account or from the Rational products Releases web site.

Workarounds and Mitigations

If you do not wish to migrate to the IBM RLKS 8.1.3, you can use one of the possible mitigations outlined in technote 1622284: Mitigations for Rational License Key Server and Vendor Daemon vulnerability.
