Published: 2000-02-21 00:00:00
Revised: 2008-09-10 15:03:18

[Original] The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files.

[CNNVD] Sun Licensing Manager Symlink Vulnerability (CNNVD-200002-061)

        The lit program in Sun Flex License Manager (FlexLM) follows symbolic links. A local user can use this vulnerability to modify arbitrary files.

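- CVSS (base score)

CVSS score: 1.2 [LOW]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: HIGH [exploitation requires specific access conditions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]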

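- CPE (affected platforms and products)


- OVAL (technical details for detection)


- Official database links
(Official source) MITRE
(Official source) NVD
(Official source) CNNVD

- Other links and resources

- Vulnerability information

Sun Licensing Manager Symlink Vulnerability
Low severity    Race condition
2000-02-21 00:00:00 2005-07-27 00:00:00
        The lit program in Sun Flex License Manager (FlexLM) follows symbolic links. A local user can use this vulnerability to modify arbitrary files.

- Advisories and patches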

        Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at:

- Vulnerability information (19757)

Sun Workshop 5.0 Licensing Manager Symlink Vulnerability (EDBID:19757)
solaris local
2000-02-21 Verified
0 sp00n
N/A [Click to download]

A vulnerability exists in the installation of licenses for Sun's WorkShop 5.0 compilers, and other Sun products which use the FlexLM license management system. As part of the installation process, the 'lit' program is run. This program insecurely creates files in /var/tmp. This can be used to create files owned by root, with known contents. The file will be created with root's umask, which by default is 0022.

Lit is not part of Globetrotter's FlexLM distribution. It is a license installation tool supplied by Sun for convenience purposes. This vulnerability does not represent a vulnerability in lmgrd, but a flaw in the license installation process. Running lmgrd as a user other than root, while a good idea, will not eliminate this problem.

ln -sf /.rhost /var/tmp/license_errors 		
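
The file-creation flaw described above, seen from the defensive side. This is an added example, not code from Sun's lit tool or from the original advisory; the function names and the scratch directory are assumptions made for illustration. It contrasts an open call that follows a pre-existing symlink with one that refuses to.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* mkdtemp, symlink, O_NOFOLLOW */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the advisory describes: open a fixed name in a shared directory
 * and follow whatever already sits at that name. */
static int naive_open(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0666);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if the name exists, even as a
 * dangling symlink; O_NOFOLLOW is a second guard; 0600 keeps the file
 * private whatever the caller's umask allows. */
static int safe_open(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario in a private mkdtemp() directory: a symlink named
 * license_errors points at a not-yet-existing file "victim".
 * Returns 1 if safe_open refused and naive_open created the victim file. */
int demo_symlink_handling(void) {
    char dir[] = "/tmp/lit_demo_XXXXXX";
    char link_path[64], target[64];
    struct stat st;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(link_path, sizeof link_path, "%s/license_errors", dir);
    snprintf(target, sizeof target, "%s/victim", dir);
    if (symlink(target, link_path) != 0) return -1;

    int fd = safe_open(link_path);
    int refused = (fd < 0 && errno == EEXIST && stat(target, &st) != 0);
    if (fd >= 0) close(fd);

    fd = naive_open(link_path);
    int followed = (fd >= 0 && stat(target, &st) == 0);
    if (fd >= 0) close(fd);

    unlink(target); unlink(link_path); rmdir(dir);
    return refused && followed;
}

int main(void) {
    printf("hardened refused, naive followed: %d\n", demo_symlink_handling());
    return 0;
}
```

An installer that must write diagnostics is better served by a directory only it can write to, or by mkstemp(), than by a fixed name under /var/tmp.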

- Vulnerability information

Sun Licensing Manager Symlink Arbitrary File Modification
Local Access Required Race Condition
Loss of Integrity Solution Unknown
Exploit Public Third-party Verified

- Vulnerability description

- Timeline

2000-02-21 Unknown
Unknown Unknown

- Solution

OSVDB is not aware of a solution for this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete