CVE-2018-20032

Name of the Vulnerable Software and Affected Versions FlexNet Publisher versions 11.16.1.0 and earlier

Description A Denial of Service issue related to message decoding in the lmgrd and vendor daemon components allows a remote attacker to send a combination of messages, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. This is due to errors in message processing in the lmadmin service.

Recommendations For FlexNet Publisher versions 11.16.1.0 and earlier, consider restricting access to the lmgrd and vendor daemon components until a fix is available. As a temporary workaround, disabling the heartbeat mechanism between lmgrd and the vendor daemon may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.