Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2011-1389
Last Modified: 23 Jan 2012 12:00:00
Published: 19 Jan 2012 02:55:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-1389

Summary

Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-4135.

Vulnerable Systems

Application

  • IBM Rational License Key Server 8.0
  • IBM Rational License Key Server 8.1
  • IBM Rational License Key Server 8.1.1
  • IBM Rational License Key Server 8.1.2
  • IBM Rational License Server 7.0
  • IBM Rational License Server 7.1
  • IBM Rational License Server 7.5
  • IBM Telelogic License Server 2.0


References

XF - rlc-logfiles-code-execution(71739)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-11-272/

BID - 49191

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg21577760

MISC - http://www.flexerasoftware.com/pl/13057.htm

SECUNIA - 47524

SECUNIA - 47522

MISC - http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q200975&sliceId=1


Last Updated: 27 May 2016 10:57:22