PT-2017-12051 · Gemalto · Sentinel Ldk+2
Publicado
2017-10-02
·
Atualizado
2018-05-11
·
CVE-2017-11497
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Gemalto ACC (Admin Control Center) versions HASP SRM 2.10 through Sentinel LDK 7.50
Description
The issue is related to a stack buffer overflow in the hasplms component, which can be exploited by remote attackers to execute arbitrary code. This is achieved through language packs that contain filenames longer than 1024 characters.
Recommendations
For versions HASP SRM 2.10 through Sentinel LDK 7.50, consider restricting access to language packs to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using language packs with filenames longer than 1024 characters.
Correção
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Gemalto Acc
Hasp Srm
Sentinel Ldk