Bugtraq mailing list archives

Re: Globetrotter FlexLM 'lmdown' bogosity

From: nneul () UMR EDU (Nathan Neulinger)
Date: Fri, 25 Sep 1998 15:55:38 -0500


Just start the server with the lmdown disabled.

-- Nathan

On Fri, Sep 25, 1998 at 02:31:28PM -0500, Valdis.Kletnieks () VT EDU wrote:

Well, here's an oldie but goodie, which we first saw at least 3 years
ago.  Lo and behold, it's apparently STILL broken.  Sorry, no vendor
notification - we told them 3 years ago. ;)

FlexLM 'lmdown' command will chow your license server from anywhere on
the Internet - all you need is a copy of the license file.  The
authentication appears to be "Well, you appear to be root on the
machine that you typed 'lmdown' on".

In fact, you don't even need the license file.  At least on "(lmgrd)
FLEXlm (v6.0d)", all you needed was your own file that had 'SERVER
hostname bozo-number port'.  Changing bozo-number didn't affect the
ability to shut down the server.  All you probably need to do is
figure out the packet format, and launch one. ;)

Any skriptz kiddies looking to write a DOS, here's your chance. ;)

--
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech


------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul () umr edu
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216

Current thread:

Globetrotter FlexLM 'lmdown' bogosity Valdis.Kletnieks () VT EDU (Sep 25)
- Re: Globetrotter FlexLM 'lmdown' bogosity Nathan Neulinger (Sep 25)
- Root exploit for SCO OpenServer. Leshka (Sep 26)
- <Possible follow-ups>
- Re: Globetrotter FlexLM 'lmdown' bogosity Kemasa (Sep 27)
  - Re: Globetrotter FlexLM 'lmdown' bogosity Nathan Neulinger (Sep 28)