• info
• discussion
• exploit
• solution
• references

Multiple Vendor FLEXlm Vulnerability

FLEXlm is a license manager product used by a wide range of vendors to license their products. There are two classes of vulnerabilities. Their description has been taken from the advisory by AUSCERT:

(a) Insecure configuration of vendor product installation

Due to some confusion in the documentation supplied to vendors using the FLEXlm package, the FLEXlm licence management software often runs with root privileges. This often occurs due to the FLEXlm daemons being started by the system initialisation scripts. If the daemons are running with root privileges they may be used by local users to gain unauthorised root privileges. This potentially affects all versions of the FLEXlm licence management daemon.

(b) Security vulnerability in FLEXlm licence management daemon

A vulnerability has been found in the FLEXlm licence management daemon which may allow local users unauthorised access to the account running the FLEXlm licence management daemon.