CVE-2001-1058

Name of the Vulnerable Software and Affected Versions Mathematica versions 4.0 through 4.1

Description The issue allows remote attackers to bypass access control and steal a license via a client request that includes the name of a host that is allowed to obtain the license. This is due to a flaw in the License Manager (mathlm) that fails to properly enforce the access control specified by the -restrict argument.

Recommendations For Mathematica versions 4.0 through 4.1, consider restricting access to the License Manager (mathlm) to minimize the risk of exploitation. As a temporary workaround, limit the ability of clients to request licenses by including the names of allowed hosts, until a more permanent solution is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.