J-Security Center

Title: Mathematica License Manager Arbitrary License Retrieval Vulnerability

Severity: MODERATE

Description:

Mathematica is a mathematical computation software package distributed and maintained by Wolfram Research.

A flaw in Mathematica's license access control can allow an arbitrary user to gain access to privileged information. This could result in the theft of licenses and, potentially, denial of service to legitimate clients.

During normal operation, a client connects to the server and requests a license to run the Mathematica software. By default, all clients requesting licenses are granted access. When access control is added via other programs using the -restrict command-line function of Mathematica, the license manager verifies a client's authorization by checking a local database. If the client is authorized, the license is sent to the client. Otherwise, the client is denied a license.

Through a custom spoofed request, it's possible to gain access to a license by guessing the name of a system that has access to Mathematica. This can allow a remote user to retrieve and steal licenses for the product, and could also result in a denial of service by requesting all available licenses for the system.
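The weakness described above is that authorization rests on a name the client supplies. The following added example (not part of the advisory and not Wolfram's code) contrasts that name-only check with one bound to the connection's source address, and reports grants the first allows but the second rejects, plus sources holding several licenses. Host names, addresses and the record layout are constructed assumptions.

```python
# Added example: all names, addresses and the record layout are constructed.
from collections import Counter

# Hosts permitted by the restriction database, paired with the addresses they
# are expected to connect from (assumed inventory data, e.g. DNS/DHCP records).
AUTHORIZED = {
    "lab-ws01": {"10.0.5.11"},
    "lab-ws02": {"10.0.5.12"},
}

# Constructed license requests: (claimed_hostname, source_ip_of_connection).
REQUESTS = [
    ("lab-ws01", "10.0.5.11"),
    ("lab-ws02", "10.0.5.12"),
    ("lab-ws01", "192.0.2.77"),
    ("lab-ws02", "192.0.2.77"),
    ("lab-ws02", "192.0.2.77"),
    ("guest-pc", "10.0.9.40"),
]

def name_only_check(claimed, _src):
    """Check as the advisory describes it: only the claimed name is consulted."""
    return claimed in AUTHORIZED

def bound_check(claimed, src):
    """Hardened check: the claimed name must also match the connection source."""
    return src in AUTHORIZED.get(claimed, set())

def audit(requests, max_per_source=1):
    """Return (spoof_suspects, heavy_sources) for an operator to review."""
    # Requests a name-only check grants although the source does not match.
    suspects = [(c, s) for c, s in requests
                if name_only_check(c, s) and not bound_check(c, s)]
    # Sources that would be granted more licenses than one machine needs.
    granted = Counter(s for c, s in requests if name_only_check(c, s))
    heavy = sorted(s for s, n in granted.items() if n > max_per_source)
    return suspects, heavy

if __name__ == "__main__":
    suspects, heavy = audit(REQUESTS)
    for claimed, src in suspects:
        print(f"name/source mismatch: {claimed!r} requested from {src}")
    for src in heavy:
        print(f"multiple licenses granted to one source: {src}")
```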

Affected Products:

  • Wolfram Research Mathematica 4.0.0
  • Wolfram Research Mathematica 4.1.0
