lmgrd.exe vulnerability

BenYuly · ‎09-19-2019

Hello all , my server works fine (volume license manager v 3.2)

I need to update Flexnet Publisher from 11.5 to 11.6. It is marked as a vulnerability and I need to mitigate this ASAP.

The only support article I found has old packages http://www.ni.com/tutorial/6032/en/

I tried to replace the old lmgrd.exe (11.5) with an 11.6 version I got from Matlab. It did not work

A candid question: I started working on this problem this week - is it National Instruments who has to provide the updates or LabView and Multisim, the software where I have subscriptions ?

Log starts

======================================

9:08:14 (lmgrd) FlexNet Licensing (v11.15.0.0 build 215548 i86_n3) started on <Licensing server> (IBM PC) (9/19/2019)
9:08:14 (lmgrd) Copyright (c) 1988-2017 Flexera Software LLC. All Rights Reserved.
9:08:14 (lmgrd) World Wide Web: http://www.flexerasoftware.com
9:08:14 (lmgrd) License file(s): C:\ProgramData\National Instruments\Volume License Manager\nivlm.lic

....

9:08:14 (lmgrd) Starting vendor daemons ...
9:08:14 (lmgrd) Started nilm (pid 5332)
9:08:14 (nilm) FlexNet Licensing version v11.15.0.0 build 215548 i86_n3
9:08:14 (nilm) SLOG: Summary LOG statistics is enabled.

Claire.C · ‎09-30-2019

Hi BenYuly,

I think I may not be understanding your question, and LabVIEW and Multisim are both owned by NI. However, National Instruments provides updates to our licensing deamon (nilm.exe), but not the license manager deamon (lmgrd.exe), which is created by Flexera Software. As I understand it, we currently do not have a new version of the licensing deamon that is compatible with version 11.6; 11.5 is the latest we are working with.

Can you give a bit more information about that vulnerability and where you're seeing that? That may be helpful information for our R&D teams.

Claire C.
AppSW Staff Product Support Engineer
National Instruments
CLD|CTD

BenYuly · ‎10-18-2019

Dear Claire,

Thanks for your response. The problem is, 11.5 has a security vulnerability that needs to be patched. We really need the NI daemon to be compatible with the latest version to be secure.

Is there an ETA for compatibility with the latest version?

Thanks!

Claire.C · ‎10-21-2019

Hi Ben Yuly,

As I understand, this is something that we are looking to address, but we do not have specific public timelines for a release at this time.

Best,

Claire C.
AppSW Staff Product Support Engineer
National Instruments
CLD|CTD

joe_Penn_State · ‎10-30-2019

This is something that really needs to be escalated. It's causing us major headaches here at Penn State as our VLM is used University-wide. Our IT department has firewalled our VLM server from most of the university until this is fixed, causing a disruption in teaching.

Is there somebody within NI that we can appeal to who can accelerate this process?

Claire.C · ‎10-30-2019

Hi Joe,

I will escalate this to that team as I understand this is extremely frustrating and is causing disruptions. I know that this is something that we are working to fix, but that process just takes some time.

Claire C.
AppSW Staff Product Support Engineer
National Instruments
CLD|CTD

joe_Penn_State · ‎11-07-2019

Any updates on the timeline for this?

sassyaspy · ‎02-12-2020

VLM 3.2.2 patch (released November 2019) upgraded the Flexnet Publisher libraries to address CVE-2018-20033. Details:

http://www.ni.com/product-documentation/55248/en/

Volume License Manager and Automated Software Installation

lmgrd.exe vulnerability

lmgrd.exe vulnerability

Re: lmgrd.exe vulnerability

Re: lmgrd.exe vulnerability

Re: lmgrd.exe vulnerability

Re: lmgrd.exe vulnerability

Re: lmgrd.exe vulnerability

Re: lmgrd.exe vulnerability

Re: lmgrd.exe vulnerability