The security flaw
When sending a large amount of data to the SentinelLM service, it will
result in a buffer overflow
where the Extended Instruction Pointer are overwritten, allowing arbitrary
code being run on the server,
with the rights of the service.
About SafeNet inc.
SafeNet provides complete security utilizing its encryption technologies to
protect communications,
intellectual property and digital identities, and offers a full spectrum of
products including hardware,
software, and chips.
About Sentinel License Manager
Sentinel LM is a software-based license management application allowing
application developers
to implement multiple pre-built license models with a single software
development integration effort.
Read the entire CIRT-30-advisory at http://www.cirt.dk
When sending a large amount of data to the SentinelLM service, it will
result in a buffer overflow
where the Extended Instruction Pointer are overwritten, allowing arbitrary
code being run on the server,
with the rights of the service.
About SafeNet inc.
SafeNet provides complete security utilizing its encryption technologies to
protect communications,
intellectual property and digital identities, and offers a full spectrum of
products including hardware,
software, and chips.
About Sentinel License Manager
Sentinel LM is a software-based license management application allowing
application developers
to implement multiple pre-built license models with a single software
development integration effort.
Read the entire CIRT-30-advisory at http://www.cirt.dk
[ reply ]