FlexNet Publisher Knowledge Base

Summary A potential vulnerability has been identified in FlexNet Publisher affecting versions prior to 2024 R1 (11.19.6.0). This issue may allow local privilege escalation due to an uncontrolled search path element. We advise customers to upgrade their FlexNet Publisher lmadmin.exe to version 2024 R1 (11.19.6.0) where this issue has been resolved. Producers potentially affected by this issue include: Producers using lmadmin.exe prior to version 2024 R1 are affected by this vulnerability. Producers utilizing the VD with Secure Comms functionality prior to version 2024 R1 are affected by this vulnerability. Producers utilizing the VD without Secure Comms functionality are not affected by this vulnerability. Description A misconfiguration in FlexNet Publisher lmadmin.exe allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges. Fix Version and Resolution This issue is addressed in FlexNet Publisher 2024 R1 (11.19.6.0) release. As a precaution, we strongly advise users to upgrade to FlexNet Publisher 2024 R1 (11.19.6.0) or later. The latest version of the lmadmin can be downloaded from the FlexNet Publisher lmadmin download links page. Producers can download the latest version of the lmgrd from the Product and License Center. We advise End Users to request the latest version from the software vendor.   Additional Information Link to CVE:  https://www.cve.org/CVERecord?id=CVE-2024-2658 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2658 Credit: For identifying this issue and disclosing it to Revenera PSIRT under the responsible disclosure process, we'd like to credit Xavier DANEST working with Trend Micro Zero Day Initiative.

This article documents the FlexNet Publisher Licensing release highlights introduced each year, starting from 2008 to present: Release Description 2024 (11.19.x) Introduced Ecomms Between Secure Utilites and Vendor Daemon Support for MacOS14 2023 (11.19.X) Support for Nutanix AHV Enhanced the Amazon Web Service Instance Detection Resolved loss of User Checked Out Information During Time Out The ability of FlexNet Publisher to extract the serial number from the NVMe (Non-Volatile Memory Express) SSD Windows system disk has been improved Third-Party Library Updates Support for MAC 13 (Certificate is fully supported and TS supported via workaround ) The lmadmin graphical user interface has been enhanced to display a borrowed license’s expiration Resolved an external researcher reported a Remote Code Execution (RCE) vulnerability in the lmadmin web user interface Resolved incorrect Client Data Issue with the Inactive License Usage reporting in lmgrd and lmadmin installers (Windows and Linux) Support for transferred counted license model Non-LSB compliance Linux kits with latest versions of FlexNet Publisher Platform support for Mac 12.5.1 and Mac 13.1 2022 (11.19.X) TLS-based encrypted communication between client and vendor daemon New Environment Variable for flexlm Diagnostics Log’s Path lmadmin safety: user-lockout for 10 mins after 3 unsuccessful password attempts Security updates The Wibu dongle drivers have been upgraded from v6.51 to v6.60 Support for Windows 11 OS Support for Visual Studio 2022 Enhancements for Secure Communication Added an optional command line option “-datestamp” Support for macOS 12.0 beta Monterey New API: lc_dupuserlist New Obfuscation Mechanism for Client and Server Communication Third-Party Library Updates SafeNet dongle drivers have been upgraded to version 8.43. Support for RHEL 9 Support for macOS 12.0 Monterey Support for Windows Server 2022 OS 2021 (11.18.X) Support for Windows Server 2022 OS Support for macOS 12.0 Monterey Batch Checkout Docker container (locking server/feature lines with Container_ID) Borrow Cache Improvements Support for lmadmin on macOS 11.0 Big Sur Support for macOS 11.0 Big Sur on Intel Architecture The Ubuntu platform is now supported for Safenet (FLEXID9) dongles Security updates New Vendor Variable for Detecting Licenses with Clients During Network Disconnect Introduced a New Error Message for FlexNet Licensing Service Change in Detection Technique Under Azure Cloud Environment The Safenet dongle drivers have been upgraded from v8.21 to v8.23. 2020 (11.17.X) Automatic rollover of server log Re-Introduction of Common Vendor Daemon APIs to support containerization/docker Efficient Reservations (API Based) Everrun Hypervisor Support LM_PROJECT Extension  lmstat to report on project lmswitch with rollOver option Utility to obfuscate username in server log (For GDPR) License validation utility Introduction of Asynchronous lc_vsend New Diagnostics - Client Message Based Diagnostics Examples for Server and Client - Automated Recovery of Trusted Storage Timezone message protocol simplification 2019 (11.16.x) Lmstat enhancements –no-user-info Reserved buffer for utilities MAX_CONN UMN1 Enhacements Connections limit by options file Relative path support for Vendor Daemon Server behavior changes on ReRead Support for macOS Notarization Protocol simplification for performance improvement TsActDiag with FNP publisher toolkit 2018 (11.15.x - 11.16.x) FNP support for ARM architecture Trusted Storage Diagnostics & Health Checks 64-bit lmadmin launchd compliance on macOS for lmadmin and lmgrd Position-Independent Executables (PIE) on Linux Security Fixes and Updates INCLUDE/EXCLUDE options for checkout from trusted storage Physical binding to TPM on Windows Username anonymity in REPORTLOG lc_feat_list enhancement Option to configure SOAP communication in lmadmin 2017 (11.14.x - 11.15) Security Updates New options file keywords INCLUDEALL ENTITLEMENT, EXCLUDEALL ENTITLEMENT TPM (Trusted Patform Module) host-id Virtualization detection for certificate based application without FNLS 2016 (11.13.x - 11.14.x) Partial Available Checkout Server shortcodes Borrow enhancements lmadmin Active Directory integration support Visual Studio 2015 support Improvements to Cloud support -2 -p -local option enhancement AMZN_EIP HostID VCG support on XFS filesystems FlexNet Licensing Service, Virtualization and Performance Improvements Extracting Client HostID from Vendor Daemon (VD) Callbacks 2015 (11.13.x) Security Fixes Improved Server Stability Performance fixes for java clients Vendor daemon callback for OVERDRAFT licenses Cloud and Virtualization Enhancements 2014 (11.11.x - 11.13) Activation borrow reclaim on trusted storage Improved virtualization support for trusted storage based licensing Options file keywords for activation borrow Determining license source of a feature Dongle updates PACKAGE support with trusted storage Trusted Storage license server automatic reread Vendor daemon hardening 2013 (11.1.1 - 11.12) Virtualization Support for Activation and Trusted Storage Elimination of cross version signature Enhanced license server diagnostics in the debug log Support for Windows 8 and Server 2012 Windows SafeSEH compatibility Local Activation for Server-Side Trusted Storage Scheduled checks on Updates in Trusted Storage Non-English Characters in Activations Software Tagging Now Supported for lmadmin and lmgrd Callback for Vendor Daemon Shutdown 2012 (11.10.1 - 11.11, 10.8.10) Support for Prepped Trusted Configuration Support for Xen Virtual Environments UMN4 for Linux Machine Identification Support for Mac OS X 10.8.x Purge Option for lmborrow Override Feature for IP Addresses Support for New Ethernet Device Names on Linux Support for Teamed Ethernet Interfaces Activations for License Servers in Bandwidth-Restricted Environments Retrieve Response XML From Online Activations Support for Mac OS X 10.7.x lmadmin Security Fixes 2011 (11.9.1 - 11.10) Support for Licensing in a Cloud Environment Support for Mac Lion Ability to Run lmbind Outside of a Hypervisor Console OS Virtualization Support for Activation and Trusted Storage Improved Support for Secure Data Types in License File-Based Licensing Support for Active Directory Users and Groups in lmadmin WhiteHat Certification for lmadmin Support for Flexid 9 Dongle with 2GB of Flash Memory Java Toolkit Supports Dongles from Wibu-Systems 2010 (11.8.0 - 11.9.0) Virtualization: Support for Hyper-V lmstrip Improvements Dongle support for WibuKey, from Wibu Systems AG, Support for Visual Studio 2010 Compiler C# Wrapper for Activation APIs Composite Transactions (for Trusted Storage Licensing) Virtualization: lmbind and UUID of an ESX Virtual Container 2009 (11.6.1 - 11.7, 10.8.8 - 10.8.9) Support for Microsoft Visual Studio 2008 Support for Windows Server 2008 Support for Hostids from Virtual Ethernet Adapters on Windows Platforms Improved UMN2 on Windows Trusted Storage Backup Installer for lmadmin Linux Standard Base (LSB) certification Time zone licensing Trial packs Automatic Re-Read in Options File 2008 (10.8.7 - 11.6) GUI-based License Server Manager - lmadmin Licensing Toolkit Supports Mac OS X 10.5 (Leopard) and 64-bit Intel Hardware Activation API Functions to ‘Cancel’ a Failed Return Request Support for Multiple Ethernet Hostids on Some Platforms Support for Machine Virtualization - VMware ESX Server  

Introduction How to work with Transferrable Counted Model(Windows only) a new feature/Option in Flexnet Publisher Instructions A step-by-step breakdown of the process: Start the Parent Licensing Server: Include a FEATURE line with the BORROW keyword in a license file. Set the lmpath for the Parent Machine from the Remote Machine: Ensure the remote machine can access the licensing server. Set the Expiry for License Transfer: Use the lmtransfer utility to set the expiry date for transferring the license from the remote machine. Example command: lmtransfer vendorname -set dd-Feb-yyyy [hh:mm] Check the transfer status with lmtransfer.exe vendorname -status. Note: if you are doing this programmatically you may do it by using the API. Call the lc_transfer_lic() API: Modify the lmflex file to call the lc_transfer_lic() API instead of lc_checkout(). Start the client on the remote system and transfer a license to the remote system. Example code snippet: if(lc_transfer_lic(lm_job, feature, "1.0", nlic, &code)) { lc_perror(lm_job, "license transfer failed"); cleanup(initHandle); exit (lc_get_errno(lm_job)); } Start the Child Server on the Remote Machine: Start the child server using lmgrd.exe -c license_file -servTransferred. Note: Generate a dummy license file with only SERVER and VENDOR lines and use it as an argument. Example command: lmgrd.exe -c dummy.lic -servTransferred This is sufficient to start the child server which starts serving the transferred feature. But there is an issue FNPX-27110 which is related to lmstat, this gets resolved when we have one feature line in the license file. More Information A dummy lmflex.c along with the license file example is attached. The syntax for lmflex for the attached code only: lmflex <license count> <1 for lc_checkout and 2 for lc_transfer_lic>

Introduction When running lmhostid.exe on a virtual machine to obtain the VM_UUID the following error has been thrown: "C:\jmcmillan\x64_n6-11.19.6.0_v6\x64_n6>lmhostid -ptype vm uuid lmhostid - Copyright (c) 1989-2024 Flexera. All Rights Reserved. The FlexNet host ID of this machine is "" lmhostid: The VM Host ID is not available. (-215,14704)" Cause This error is thrown if the Windows Management Instrumentation (WMI) service is either not running or is disabled. Resolution Start the Windows Management Instrumentation (WMI) service and then restart the Flexnet Licensing Service. More Information This problem had occurred on virtual machine (Windows Server 2022) that was running in an ESXi hypervisor.

Introduction Secure communication failed with error Ecomms: Startup failed, res=-279 when using the default builds for fnpssl static version, how to fix it?  Instructions With ls_secure_comms = 1; in vendor c file and using the default builds if getting the below error in the daemon logs 18:14:03 (demo) Ecomms: Starting 18:14:03 (demo) Ecomms: SSL/TLS initialization failed 18:14:03 (demo) Ecomms: Startup failed, res=-279 18:14:03 (demo) Ecomms: Disabled 18:14:03 (demo) Changing message security level from -1 to 0 If getting SSL/TLS initialization failed then as per the documentation  -279 LM_ECOMMS_ERROR “the libfnpssl shared library is not available in the current working directory” The library is not available to enable secure communication. Find the error code documented already.  More Information Find more information at FlexNet Publisher 2024 R1 (11.19.6) Programming Reference for License File–Based Licensing page number 107

This article includes links to download the latest version of the FlexNet Publisher lmadmin. NOTE:  Only the latest version of the lmadmin will be available for download. For prior versions, you must contact your software producer. For more information about the FlexNet Publisher Lifecycle Timeline, click here. If you require any assistance with the lmadmin, you must contact your software producer. Revenera does not provide end user support for this utility.    Platform Description Release File Windows Windows x86-64 2024 R1 (11.19.6) lmadmin-x64_n6-11.19.6.0.zip Installer for Windows x86-64 2024 R1 (11.19.6) lmadmin-x64_n6-11_19_6_0.exe Linux Linux x86-64 2024 R1 (11.19.6) lmadmin-x64_linux-11.19.6.0.tgz Installer for Linux x86-64 2024 R1 (11.19.6) lmadmin-x64_linux-11_19_6_0.bin Linux x86-32 2024 R1 (11.19.6) lmadmin-i86_linux-11.19.6.0.tgz Installer for Linux x86-32 2024 R1 (11.19.6) lmadmin-i86_linux-11_19_6_0.bin macOS macOS Universal2 2024 R1 (11.19.6) lmadmin-universal2_mac11-11.19.6.0.tgz Installer for macOS Universal2 2024 R1 (11.19.6) lmadmin-universal2_mac11-11_19_6_0.zip macOS 10.14 2024 R1 (11.19.6) lmadmin-x64_mac10-11.19.6.0.tgz Installer for macOS 10.14 2024 R1 (11.19.6) lmadmin-x64_mac10-11_19_6_0.zip Solaris (SPARC) Solaris SPARC 64 2024 R1 (11.19.6) lmadmin-sun64_u10-11.19.6.0.tgz Installer for Solaris SPARC 64 2024 R1 (11.19.6) lmadmin-sun64_u10-11_19_6_0.bin Solaris SPARC 32 2024 R1 (11.19.6) lmadmin-sun4_u10-11.19.6.0.tgz Installer for Solaris SPARC 32 2024 R1 (11.19.6) lmadmin-sun4_u10-11_19_6_0.bin Solaris (x86) Solaris x86-64 2024 R1 (11.19.6) lmadmin-x64_sun10-11.19.6.0.tgz Installer for Solaris x86-64 2024 R1 (11.19.6) lmadmin-x64_sun10-11_19_6_0.bin Solaris x86-32 2024 R1 (11.19.6) lmadmin-x86_sol10-11.19.6.0.tgz Installer for Solaris x86-32 2024 R1 (11.19.6) lmadmin-x86_sol10-11_19_6_0.bin AIX AIX Power PC 64 2024 R1 (11.19.6) lmadmin-rs64_u5-11.19.6.0.tgz Installer for AIX Power PC 64 2024 R1 (11.19.6) lmadmin-rs64_u5-11_19_6_0.bin AIX Power PC 32 2023 R3 (11.19.5) lmadmin-ppc_u5-11.19.5.0.tgz Installer for AIX Power PC 32 2023 R3 (11.19.5) lmadmin-ppc_u5-11_19_5_0.bin  

Question How to fix the error FlexNet Licensing error:-16,287  Answer To fix this error, make sure to open traffic/allow in the firewall for both LMGRD and Vendor daemon port. More Information Both error relates to the unavailability of reading the data from the descriptor (Windows) Error -16,287 represents that functionality is timed out while waiting for the descriptor to be ready for read. Error -16,10009 represents that the descriptor was ready for reading but while performing reading the error is thrown.

Introduction Trusted storage activation failed with ERROR: Activation library initialization failed: status 2 when running the appactutil utility to activate the licence on Linux platform, how to fix it.    [fnpuser@fnp-ts-rhel8 x64_lsb]$ ./appactutil -a ERROR: Activation library initialization failed: status 2 [fnpuser@fnp-ts-rhel8 x64_lsb]$ ./appactutil -view ERROR: Activation library initialization failed: status 2   Troubleshooting Steps  If this is the first time you have built a production toolkit then On UNIX hosts, set the environment variable, LD_LIBRARY_PATH, to the current working directory before proceeding.  Use a command similar to the following: $setenv LD_LIBRARY_PATH . If you are using Bash shell then # set LD_LIBRARY_PATH . Ideally, this should fix the issue if not then give a try  [fnpuser@fnp-ts-rhel8 x64_lsb]$ export LD_LIBRARY_PATH=.:/usr/lib:/usr/local/lib [fnpuser@fnp-ts-rhel8 x64_lsb]$ ./appactutil -v Outcome When run the ./appactutil -v The following message is displayed if no fulfillment records are present: No fulfillment records in trusted storage. More Information Also, to check FUSE is running ok, enter this command (as user, not root):- [fnpuser@fnp-ts-rhel8 x64_lsb]$ ls -ld /dev/shm/FlexNetFs*/SFA –> should see a file being listed [fnpuser@fnp-ts-rhel8 x64_lsb]$ ls -ld /dev/shm/FlexNetFs*/SFA drwxrwxrwx 2 stuarts eng 1024 Jul  3 10:42 /dev/shm/FlexNetFs.74689/SFA –>shouldn't see this [fnpuser@fnp-ts-rhel8 x64_lsb]$ ls -ld /dev/shm/FlexNetFs*/SFA ls: cannot access /dev/shm/FlexNetFs*/SFA: No such file or directory

Question The AUTO_ROLLOVER option enables the auto rollover of the debug log file, which automatically performs the rollover functionality of the debug log file when the debug log file size crosses the specified value. The default value would be 512MB. The automatic rollover will always be performed at midnight. In case we want to rollover the debug logfile once the log reaches the specified size then how we can rollover the log using lmswitch. Answer There are two script files which will help to rollover the debug log once the size of the file has reached to a specific size limit (no need to wait until midnight) The attached AUTO_ROLLOVER_with_lmswitch.zip has the following files.  windows_Rollover.bat -> which is windows rollover batch file Windows_Rollover_HowTo.docx -> Readme for the windows_Rollover.bat file  rollover.sh -> Linux script file which has the read me as well.  Both the scripts can be scheduled using task or corn job to automate. More Information DEBUGLOG lmswitch

  Vulnerability ID Affected Module FNP Component JIRA (If any, Internal For Revenera) Fixed in Release Comments CVSS2                 1 CVE-2020-11984 apache lmadmin.exe FNP-23859 FNP v11.17.2     2 CVE-2020-9490 apache lmadmin.exe FNP-23860 FNP v11.17.2     3 CVE-2020-11993 apache lmadmin.exe FNP-23861 FNP v11.17.2     4 CVE-2014-3596 axis axis.jar FNP-24232   Under assesment with Engineering 5.8 5 CVE-2012-5784 axis axis.jar FNP-24232   Under assesment with Engineering 5.8 6 CVE-2019-0227 axis axis.jar FNP-24232   Under assesment with Engineering 5.4 7 CVE-2018-8032 axis axis.jar FNP-24232   Under assesment with Engineering 4.3 8 CVE-2018-20843 expat haspsrm_win64.dll FNP-22651 FNP v11.17.2     9 CVE-2019-15903 expat haspsrm_win64.dll FNP-22651 FNP v11.17.2     10 CVE-2019-7659 gsoap lmadmin.exe FNP-20529 Not an Issue with FNP The vulnerability will be introduced if gsoap is build with WITH_COOKIES flag enabled. In FNP, gsoap is built without WITH_COOKIES. Hence, mentioned vulnerability will not impact FnpCommsSoap.dll or FNP.   11 CVE-2007-6059 javamail mail.jar FNP-17545   Javamail Vulnerability - Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products.   12 CVE-2020-24977 libxml2 lmadmin.exe FNP-23595   Under assesment with Engineering 6.4 13 CVE-2019-1563 openssl libcrypto-1_1-x64.dll No Issues Reported Yet I see that OpenSSL version in FNP-11.17.1 is 1.1.0k. So, this shouldn't have been reported in v11.17.1 lmadmin Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s) 4.3 14 CVE-2020-14155 pcre lmadmin.exe FNP-23271 FNP v11.17.2     15 CVE-2018-1311 xerces-c++ xerces-c_3_2.dll FNP-22313 No Fix Needed for FNP The Vulnerability reported has not been resolved any of the published versions of xerces, thus we can not update it to some version with resolved vulnerability, but this vulnerability can be mitigated by disabling the DTD processing while using the parser from xerces. On analysis of lmadmin, we figured out that DTD processing is already been disabled using the DOM parser from long time. Thus lmadmin is not vulnerable to this vulnerability "CVE-2018-1311" and no fix is required for the same.   16 CVE-2016-9840 zlib hasp_rt.exe FNP-19942 && FNP-17545 FNP v11.17.2     17 CVE-2016-9841 zlib hasp_rt.exe FNP-19942 && FNP-17545 FNP v11.17.2     18 CVE-2016-9842 zlib hasp_rt.exe FNP-19942 && FNP-17545 FNP v11.17.2     19 CVE-2016-9843 zlib hasp_rt.exe FNP-19942 && FNP-17545 FNP v11.17.2     20 CVE-2020-7595 CVE-2019-20388 CVE-2020-24977 libxml2 lmadmin FNP-23595 FNP v11.18.1 Multiple vulnerabilities were found in libxml2 v2.9.10, which is used by lmadmin. Latest available patches were applied to libxml2 to resolve the vulnerabilities CVE-2020-7595, CVE-2019-20388 and CVE-2020-24977   21 CVE-2021-3450 openssl lmadmin FNP-25063 FNP v11.18.1 The CVE-2021-3450 vulnerability is seen with openssl-1.1.1i version in 11.18.1.0 release. It will be resolved in successive FNP release.   22 CVE-1999-0236 CVE-1999-1412 CVE-2007-0086 apache lmgrd,lmadmin and unitily FNP-25244 FNP v11.18.2 The vulnerabilities CVE-1999-0236, CVE-1999-1412, and CVE-2007-0086, which were observed through Code Insight Scan has been resolved. 10.0 23 CVE-2022-40303   libxml2 FNP-27980 FNP-27932 FNP v11.19.4 The vulnerabilities CVE-2022-40303 and CVE-2022-40304 are fixed by upgrading the libxml2 from version 2.9.14 to version 2.10.3.  

Summary This article contains information about a defect in FlexNet Publisher 11.19.2, 11.19.3, or 11.9.4 that may prevent vendor daemons from starting and serving license successfully. A fix will be available in FlexNet Publisher 11.19.4.1. Note: This defect does not affect FlexNet Publisher 11.19.1 or earlier versions. Symptoms For integrations that upgraded to FlexNet Publisher 11.19.2, 11.19.3, or 11.19.4, the following errors may be observed when starting the vendor daemon: Inconsistent authentication code Feature <feature_name> is not enabled yet Upon encountering these errors, the vendor daemon fails to start and cannot serve licenses. Steps to Reproduce Integrate with FlexNet Publisher to version 11.19.2, 11.19.3, or 11.19.4. Start the FlexNet Publisher license server using a previously signed FlexNet Publisher license file or a newly signed license file. Errors will appear in the lmgrd log file. Workaround There is no workaround for this issue. Fix Version and Resolution This issue will be addressed in FlexNet Publisher 11.19.4.1. Software producers will need to upgrade to FlexNet Publisher 11.19.4.1 or later. If your FlexNet Publisher uses 11.19.1 or earlier and you are trying to integrate with FlexNet Publisher 11.19.2, 11.19.3 and 11.19.4, depending on your integration, you may observe the errors mentioned above. In this case, we recommend you pause your integration with 11.19.2, 11.19.3 or 11.19.4 and wait to integrate with 11.19.4.1 or later. If your FlexNet Publisher was upgraded to FlexNet Publisher versions 11.19.2, 11.19.3 or 11.19.4, then please follow the steps mentioned below: Integrate with FlexNet Publisher 11.19.4.1 or later. Any license files crypted with 11.19.2, 11.19.3 or 11.19.4 must be re-crypted with 11.19.4.1 or later. The vendor daemon must be started with the re-crypted license file. A release date for 11.19.4.1 will be announced on the FlexNet Publisher News article: [Advisory]: Known Issue Affecting FlexNet Publisher 11.19.4.0 License Server Startup. 

Summary A remote code execution (RCE) vulnerability was identified in the FlexNet Publisher lmadmin web user interface. This vulnerability is addressed in the FlexNet Publisher 2023 R2 (11.19.4.0) release.   Symptoms If exploited, the vulnerability allows the execution of a rogue vendor daemon using the UNC path.  NOTE: This vulnerability does not impact the lmgrd utility. Steps to Reproduce For security reasons, we will not publish details for reproducing the vulnerability. Workaround We advise users to upgrade their lmadmin to 11.19.4.0 or greater. If users are unable to upgrade, license server administrators may start lmadmin with the -noweb option to disable the lmadmin web module. This prevents lmadmin from being accessed through a web browser and it will only be accessible via the console.  Fix Version and Resolution The vulnerability is addressed in FlexNet Publisher 2023 R2 (11.19.4.0) which was released on May 17, 2023. Users are advised to upgrade their lmadmin to 11.19.4.0 or greater. License server administrators may download the latest lmadmin from the FlexNet Publisher lmadmin download links page. Additional Information For identifying this vulnerability and disclosing it to Revenera under a responsible disclosure process, we'd like to thank and credit Mattias Dewulf, co-founder of Spinae. 

Introduction: Code to get the startup time of the vendor daemon (when the vendor daemon was started) using FNP C API . Instructions: 1. LM_A_VD_GENERIC_INFO gets information that is not specific to a feature and is mostly found in lsvendor.c.  2. In the structure of LM_VD_GENERIC_INFO there is a variable "vd_start" which can be used to get the startup time .      

Introduction In RHEL9, the LSB component is not offered as part of the supported distribution. Components in FlexNet Publisher, such as lmgrd, require the LSB-loader. If this is not present, lmgrd and other utilities will fail to run with a No such file or directory error. Instructions As a workaround, specify a soft link to the native loader. The following symlinks have been verified on RHEL9: 32-bit Linux sudo bash -c "if [ ! -e /lib/ld-lsb.so.3 ]; then ln -s ld-linux.so.2 /lib/ldlsb.so.3; fi" 64-bit Linux sudo bash -c "if [ ! -e /lib64/ld-lsb-x86-64.so.3 ]; then ln -s ld-linux-x86-64.so.2 /lib64/ld-lsb-x86-64.so.3; fi“ More Information From 11.13.1.3, the install_fnp.sh script will issue a warning if LSB is not detected on the host. Additionally, this script supports a new -nolsb parameter, which sets up the above symlinks.

Introduction When we tried to reset the Password of the admin user after installation of lmadmin it failed with the error "old password is incorrect". Due to this error, we are not able to change the default admin user password from admin to something else then how to fix this issue? Troubleshooting Steps After following the lmadmin installation steps and trying to change the admin user password in the UI, due to the old password is incorrect error,  we are not able to change the default password, what are all the other steps that can be helpful to fix this issue?  Uninstall the lmadmin from the installed directory "C:\Program Files\FlexNet Publisher 64-bit License Server Manager\uninstall\Uninstall FlexNet Publisher License Server Manager" Again try to Install the lmadmin as administrator (right-click the lmadmin installer and run as administrator) Then start the service, make sure the service is running and try to log in with the admin user and password as "admin" and try to change the new password.  Still getting the "old password is incorrect" error message and the server.xml file is not being updated then follow the solution to fix this error. Solution: The lmadmin64 service may be Installed as a Local service account which is not correct and this was not allowed to access the config file service.xml and update the new password.  The lmadmin64 should run on the Local System account to get all access to the config files. So change the account from local service to local systems account and then save, and restart the service.  Now go to the lmadmin user interface and try to change the password, this time we can change the admin user password from default to any other password.  Outcome This issue is happening in some of the Windows servers and not all the Windows systems so please follow the steps to change the service account to fix this issue, this will allow us to update the admin user password.  More Information Manual updating of the server.xml also will not help in this case.

Introduction In 2020, Red Hat removed the LSB (Linux Standard Base) packages from its distributions. LSB was a set of standards for Linux distributions that aimed to promote interoperability between different distributions. Feature Use Cases With the major Linux distributions moving away from support for Linux Standard Base (LSB) it is no longer feasible to provide FNP Release Kits predicated on compliance with LSB. So FNP is planning to release non LSB kits .The license server will no longer rely on LSB going forward .   More Information The tentative timelines for release of non LSB kits is 2023 R3(3rd quarter of 2023) i.e FNP 11.19.5.0 .  

Summary Starting from FNP 11.19.3, (shared HASP dongle driver version 8.53 and DLL's version 8.5) the dongle DLL will not be backwards compatible with FNP 11.19.2 and older versions of clients. Symptoms Starting from FNP 11.19.3 and the Safenet Dongle Drivers are not compatible and getting the error "ALADDIN DLL Signature not matched", when trying to fetch Aladdin-id from the older FNP client kit with the latest driver 8.53 and haspsrm_win64.dll version 8.5 installed. As per the FlexNet Publisher 2023 R1 11.19.3 Release Notes (February 2023) this is a known dongle issue due to the change in the DLL signature from "Symantec" to "DigiCert".  Steps to Reproduce Download and extract the latest FNP toolkit 11.19.3 and build the toolkit for DONGLE. nmake -f makefile.act DONGLE=1 Install the latest Aladdin dongle device driver 8.53 and place the haspsrm_win64.dll or haspsrm_win32.dll(version 8.5) to C:\Windows\SysWOW64 or C:\Windows\System32  Plugin dongle 9 into the device and run lmhostid -flexid -long to fetch from dongle 9 device. Now, Try fetching flexid using the older version kit and observer the error "ALADDIN DLL Signature not matched" Workaround In case of backward compatibility support, try to use old DLLs (version less than 8.5) with the latest drivers 8.53 to support older clients. 

Summary Starting from FNP 11.19.0, (shared Wibu dongle driver version 6.60 and DLL's version 6.60) the dongle DLL will not be backwards compatible with FNP 11.18.3 and older versions of clients. Symptoms Starting from FNP 11.19.0 and the Wibu Dongle Drivers are not compatible and getting the error "WIBU DLL Signature not matched", when trying to fetch Wibu-id from the older FNP client kit with the latest driver 6.60 and WkWin32.dll or WkWin64.dll version 6.60 installed. As per the FlexNet Publisher 2023 R1 11.19.0 Release Notes (March 2022) this is a known dongle issue due to the change in the DLL signature from "Symantec" to "DigiCert".  Steps to Reproduce Download and extract the latest FNP toolkit 11.19.0 or the latest and build the toolkit for DONGLE. nmake -f makefile.act DONGLE=1 Install the latest Wibu dongle device driver 6.60 and make sure the WkWin32.dll or WkWin64.dll are placed correctly into C:\Windows\SysWOW64 or C:\Windows\System32  Plugin dongle 10 into the device and run lmhostid -flexid -long to fetch from dongle 10 device. Now, Try fetching flexid using the FNP 11.18.3 or older version kit and observer the error "WIBU DLL Signature not matched" Workaround In case of backward compatibility support, try to use old DLLs (version less than 6.60) with the latest drivers 6.60 to support older clients. 

Question Whether FlexNet Publisher is impacted by the OpenSSL vulnerability  CVE-2023-0286, CVE-2023-0215, CVE-2022-4450 and CVE-2022-4304 and when this will be fixed. Answer Vulnerability CVE-2023-0286, CVE-2023-0215, CVE-2022-4450 and CVE-2022-4304 are observed in FlexNet Publisher as per the scan report in the latest FNP version to resolve this issue the OpenSSL is now Upgraded OpenSSL-1.1.1s to OpenSSL-1.1.1t in FNP 11.19.4 which will resolve all vulnerability reported in FNP 11.19.3 (FNP 2023.R1) More Information Vulnerability : CVE-2022-2097 and CVE-2022-2068 https://nvd.nist.gov/vuln/detail/CVE-2023-0286 https://nvd.nist.gov/vuln/detail/CVE-2023-0215 https://nvd.nist.gov/vuln/detail/CVE-2022-4450 https://nvd.nist.gov/vuln/detail/CVE-2022-4304

Question What are all the versions of lmadmin that were impacted and mitigation details related to Log4j vulnerabilities that surfaced in 2021? Answer All FlexNet Publisher lmadmin versions between 2020 R3 (11.17.1.0) to 2021 R4 (11.18.3.0) have log4j vulnerability and hence should not use or download from Revenera PLC. Start to use the lmadmin version later than FlexNet Publisher version 2021 R4. More Information Still want to use the lmadmin versions between 2020 R3 to 2021 R4 and then follow the workaround