IBM Support

PM79847: IBM Rational License Key server security vulnerability CVE-2011-1389, CVE-2011-4135

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • The vulnerability reported for the IBM Rational License Key
    server in the below notice also exists in Rational License Key
    Server 8.1.3:
    
    http://www-01.ibm.com/support/docview.wss?uid=swg21577760
    
    The issue impacts the lmgrd executable that is part of Rational
    License Key Server.
    
    This issue can be mitigated by downloading the appropriate lmgrd
    executable from
    http://www.globes.com/support/fnp_utilities_download.htm#downloa
    ds
    
    Please note that the IBM Rational License Key server is a 32-bit
    process on systems that support both 32- and 64-bit
    applications, so the 32-bit version should be used where
    available.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Following 2 security vulnerabilities have been reported in
    IBM Rational License Key server: CVE-2011-1389,
    CVE-2011-4135.
    

Problem conclusion

  • Security vulnerabilities (CVE-2011-1389, CVE-2011-4135) have
    been fixed in RLKS 8.1.3 IFix02 release.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM79847

  • Reported component name

    RATIONAL LICENS

  • Reported component ID

    5648LIC00

  • Reported release

    813

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-01-02

  • Closed date

    2014-02-04

  • Last modified date

    2014-02-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    RATIONAL LICENS

  • Fixed component ID

    5648LIC00

Applicable component levels

  • R813 PSN

       UP



Document information

More support for: Rational License Key Server

Software version: 8.1.3

Reference #: PM79847

Modified date: 04 February 2014