CVE-2015-8277
published 2016-02-24


Priority: P268 · critical · 9.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 28.68% (97.9th percentile)
Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexera FlexNet Publisher before 11.13.1.2 Security Update 1 allow remote attackers to execute arbitrary code via a crafted packet with opcode (a) 0x107 or (b) 0x10a.

Affected

1 range
Vendor | Product | Version range | Fixed in
flexerasoftware | flexnet_publisher | <= 11.13.1.0 |

Detection & IOCs (extracted from sources)

other: opcode 0x107
other: opcode 0x10a
process: lmgrd.exe
process: lmadmin.exe
bytes: 2F C4 3A 1C 00 25 01 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • Detect crafted packets targeting FlexNet Publisher lmgrd/lmadmin with opcodes 0x107 or 0x10a; these opcodes in incoming packets to the license server port indicate exploitation attempts for CVE-2015-8277.
  • Monitor for crafted packets beginning with byte sequence '2F C4 3A 1C 00 25 01 19' sent to lmadmin.exe; this is the proof-of-concept packet structure associated with the related DoS/RCE condition (opcode 0x2F).
  • A custom string copying function in the license server manager (lmgrd/lmadmin) does not perform bounds checking; alert on unauthenticated remote connections sending oversized or malformed messages to the FlexNet Publisher license server port.
  • The Tenable advisory notes this may be a partial/incomplete fix for CVE-2015-8277 or a similar issue in a different binary (lmadmin.exe vs lmgrd.exe); detections should cover both processes.
  • No known public exploits specifically targeting CVE-2015-8277 were identified at time of CISA advisory publication; detection should focus on anomalous packet patterns rather than known exploit signatures.

CVSS provenance

nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C