Secunia Research: Reprise License Manager "actserver" Buffer Overflow Vulnerability

======================================================================

                    Secunia Research 25/07/2016

  Reprise License Manager "actserver" Buffer Overflow Vulnerability

======================================================================

Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerabilities.......................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

======================================================================
1) Affected Software

* Reprise License Manager version 12.0BL2. Other versions may also be
  affected.

======================================================================
2) Severity

Rating: Moderately critical
Impact: System compromise
Where:  From local network

======================================================================
3) Description of Vulnerabilities

Secunia Research have discovered a vulnerability in Reprise
License Manager (RLM), which can be exploited by malicious people to
compromise a vulnerable system.

The vulnerability is caused by a boundary error when handling the
"actserver" POST parameter related to /goform/activate_doit, which
can be exploited to cause a stack-based buffer overflow via a
specially crafted HTTP request.

Successful exploitation of the vulnerability may allow execution of
arbitrary code.
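
The class of fix for a boundary error of this kind, as an added example
that is not Reprise's code and not part of the Secunia advisory: a form
field decoder that rejects an oversized "actserver" value instead of
copying it unbounded into a stack buffer. The names form_get and
handle_activate_doit and the 64-byte capacity are assumptions; the
advisory states no buffer size.

```c
#include <ctype.h>
#include <string.h>

#define ACTSERVER_MAX 64 /* assumed capacity; the advisory states no size */

static int hexval(int c) {
    if (isdigit(c)) return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode form field `name` from a urlencoded body into out[cap].
 * Returns the decoded length, -1 if absent, -2 if malformed or too long. */
int form_get(const char *body, const char *name, char *out, size_t cap) {
    size_t nlen = strlen(name);
    if (cap == 0) return -2;
    for (const char *p = body; *p; ) {
        const char *end = strchr(p, '&');
        if (!end) end = p + strlen(p);
        if ((size_t)(end - p) > nlen && !strncmp(p, name, nlen) && p[nlen] == '=') {
            size_t n = 0;
            for (const char *s = p + nlen + 1; s < end; s++) {
                int ch = (unsigned char)*s;
                if (ch == '+') ch = ' ';
                else if (ch == '%') {
                    if (end - s < 3) return -2; /* truncated escape */
                    int hi = hexval((unsigned char)s[1]), lo = hexval((unsigned char)s[2]);
                    if (hi < 0 || lo < 0) return -2;
                    ch = hi * 16 + lo;
                    s += 2;
                }
                /* Reject instead of truncating or writing past out[cap-1]. */
                if (ch == 0 || n + 1 >= cap) return -2;
                out[n++] = (char)ch;
            }
            out[n] = '\0';
            return (int)n;
        }
        p = *end ? end + 1 : end;
    }
    return -1;
}

/* Hypothetical handler for POST /goform/activate_doit; returns an HTTP status. */
int handle_activate_doit(const char *body) {
    char actserver[ACTSERVER_MAX]; /* fixed-size stack buffer */
    return form_get(body, "actserver", actserver, sizeof actserver) < 0 ? 400 : 200;
}
```

The length check runs on the decoded value, so percent-encoding cannot
be used to slip a longer string past it.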

======================================================================
4) Solution

Update to version 12.1BL2 if available for the supported platforms.

======================================================================
5) Time Table

01/06/2016 - Initial contact with vendor.
01/06/2016 - Vendor responds with service ticket ID.
02/06/2016 - Details transferred.
02/06/2016 - Vendor confirms reception and informs that the issues
             will be fixed in version 12.1.
28/06/2016 - Release of vendor patch.
30/06/2016 - Release of Secunia Advisory SA67000, which includes
             one of the vulnerabilities that is confirmed fixed.
25/07/2016 - Public disclosure of Research Advisory.

======================================================================
6) Credits

Discovered by Behzad Najjarpour Jabbari, Secunia Research at Flexera
Software.

======================================================================
7) References

Currently no CVE identifier is assigned.

======================================================================
8) About Secunia (now part of Flexera Software)

In September 2015, Secunia was acquired by Flexera Software:

https://secunia.com/blog/435/

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/products/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals who are interested in or concerned about IT security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research to help improve the security and
reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/company/jobs/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2016-7/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================