[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CVE-2014-8419 - CodeMeter Weak Service Permissions
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: CVE-2014-8419 - CodeMeter Weak Service Permissions
- From: ajs@xxxxxxxxxxxxxxx
- Date: Mon, 24 Nov 2014 14:25:34 GMT
CodeMeter Weak Service Permissions
Vendor Website : http://www.codemeter.com
INDEX
---------------------------------------
1. Background
2. Description
3. Affected Products
4. Vulnerability
5. Solution
6. Credit
7. Disclosure Timeline
8. CVE
1. BACKGROUND
---------------------------------------
CodeMeter from Wibu-Systems provides maximum protection against software
piracy and is bundled with multiple open-source products.
2. DESCRIPTION
---------------------------------------
When the CodeMeter runtime is installed on a Microsoft Windows operating
system, it creates a service named "codemeter.exe".
A local privilege escalation vulnerability has been identified in the
codemeter.exe Windows service. When installed with the default settings, this
service allows Read/Write access to any user, meaning any user can modify the
location of the binary executed by the service with SYSTEM privileges.
It should be noted that this vulnerability is not present in the most
recent version of Codemeter runtime (currently 5.20).
3. AFFECTED PRODUCTS
---------------------------------------
Only the following versions have been confirmed vulnerable:
CodeMeter Runtime 4.50b
CodeMeter Runtime 4.40
CodeMeter Runtime 4.20b
4. VULNERABILITIES
---------------------------------------
4.1 codemeter.exe
5. SOLUTION
---------------------------------------
Vendor contacted and approved for disclosure as most recent version is not
vulnerable.
6. CREDIT
---------------------------------------
This vulnerability was discovered by Andrew Smith and Matt Smith of Sword &
Shield Enterprise Security.
7. DISCLOSURE TIMELINE
---------------------------------------
7-16-2014 - Vulnerability Discovered
8-11-2014 - Vendor Informed
11-20-2014 - Public Disclosure
8. CVE
---------------------------------------
CVE-2014-8419