Bugtraq mailing list archives
Re: Globetrotter FlexLM 'lmdown' bogosity
From: nneul () UMR EDU (Nathan Neulinger)
Date: Fri, 25 Sep 1998 15:55:38 -0500
Just start the server with the lmdown disabled. -- Nathan On Fri, Sep 25, 1998 at 02:31:28PM -0500, Valdis.Kletnieks () VT EDU wrote:
Well, here's an oldie but goodie, which we first saw at least 3 years ago. Lo and behold, it's apparently STILL broken. Sorry, no vendor notification - we told them 3 years ago. ;) FlexLM 'lmdown' command will chow your license server from anywhere on the Internet - all you need is a copy of the license file. The authentication appears to be "Well, you appear to be root on the machine that you typed 'lmdown' on". In fact, you don't even need the license file. At least on "(lmgrd) FLEXlm (v6.0d)", all you needed was your own file that had 'SERVER hostname bozo-number port'. Changing bozo-number didn't affect the ability to shut down the server. All you probably need to do is figure out the packet format, and launch one. ;) Any skriptz kiddies looking to write a DOS, here's your chance. ;) -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
------------------------------------------------------------ Nathan Neulinger EMail: nneul () umr edu University of Missouri - Rolla Phone: (573) 341-4841 Computing Services Fax: (573) 341-4216
Current thread:
- Globetrotter FlexLM 'lmdown' bogosity Valdis.Kletnieks () VT EDU (Sep 25)
- Re: Globetrotter FlexLM 'lmdown' bogosity Nathan Neulinger (Sep 25)
- Root exploit for SCO OpenServer. Leshka (Sep 26)
- <Possible follow-ups>
- Re: Globetrotter FlexLM 'lmdown' bogosity Kemasa (Sep 27)
- Re: Globetrotter FlexLM 'lmdown' bogosity Nathan Neulinger (Sep 28)