Bugtraq mailing list archives
SGI Security Advisory 19961102 - FLEXlm and LicenseManager
From: agent99 () boytoy csd sgi com (SGI Security Coordinator)
Date: Thu, 21 Nov 1996 13:51:18 -0800
DISTRIBUTION RESTRICTIONS - NONE : FOR PUBLIC RELEASE

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

                   Silicon Graphics Inc. Security Advisory

        Title:   FLEXlm and LicenseManager security vulnerabilities
        Title:   AUSCERT Advisory AA-96.03
        Number:  19961102-01-PX
        Date:    November 21, 1996
______________________________________________________________________________

Silicon Graphics provides this information freely to the SGI user community
for its consideration, interpretation, implementation and use. Silicon
Graphics recommends that this information be acted upon as soon as possible.

Silicon Graphics will not be liable for any indirect, special, or
consequential damages arising from the use of, failure to use or improper
use of any of the instructions or information in this Security Advisory.
______________________________________________________________________________

Recently, a root compromise security issue with the LicenseManager program
was publicly announced. Additionally, the Australian Computer Emergency
Response Team (AUSCERT) released an advisory (AA-96.03) on the related
FLEXlm licensing subsystem.

Silicon Graphics Inc. has investigated these issues and recommends the
following steps for neutralizing exposure. It is HIGHLY RECOMMENDED that
these measures be implemented on ALL SGI systems running IRIX versions
5.0.x, 5.1.x, 5.2, 5.3, 6.0.x, 6.1, 6.2 and 6.3. This issue will be
corrected in future releases of IRIX.

--------------
--- Impact ---
--------------

The purpose of the LicenseManager program and the FLEXlm license subsystem
is for software licensing.

For both security issues, a root compromise is possible. An account on the
vulnerable system is required for exploit. With an account, these
vulnerabilities are exploitable by both local and remote access.

Exploit information for these vulnerabilities has been publicly and widely
distributed.
----------------
--- Solution ---
----------------

The solution to this problem is to install version 3.0 of the License
Tools, license_eoe subsystem.

To determine the version of License Tools installed on a particular system,
the following command can be used:

   % versions license_eoe
   I = Installed, R = Removed

      Name                          Date      Description

   I  license_eoe                   02/13/96  License Tools 1.0
   I  license_eoe.man               02/13/96  License Tools 1.0 Manual Pages
   I  license_eoe.man.license_eoe   02/13/96  License Tools 1.0 Manual Pages
   I  license_eoe.man.relnotes      02/13/96  License Tools 1.0 Release Notes
   I  license_eoe.sw                02/13/96  License Tools 1.0 Software
   I  license_eoe.sw.license_eoe    02/13/96  License Tools 1.0 Software

In the above case, version 1.0 of the License Tools is installed and the
steps below should be performed. If the output returned indicates "License
Tools 3.0," the latest license subsystem is installed and no further action
is required.

   **** IRIX 4.x ****

The 4.x version of IRIX is not vulnerable as no license manager subsystems
were released for this IRIX version. No action is required.

   **** IRIX 5.0.x, 5.1.x, 5.2 ****

The 5.0.x, 5.1.x and 5.2 versions of IRIX are not vulnerable as no license
manager subsystems were released for these IRIX versions. No action is
required.

   **** IRIX 5.3 ****

For the IRIX operating system version 5.3 an inst-able new version of
software has been generated and made available via anonymous FTP and your
service/support provider. The software is version 3.0 of the License Tools,
license_eoe subsystem and will install on IRIX 5.3 only.

The SGI anonymous FTP site is sgigate.sgi.com (204.94.209.1) or its mirror,
ftp.sgi.com.
Software is referred to as License5.3.tar and can be found in the following
directories on the FTP server:

   ~ftp/Security

      or

   ~ftp/Patches/5.3

   ##### Checksums ####

The actual software will be a tar file containing the following files:

Filename:                 license_eoe
Algorithm #1 (sum -r):    01409 7 license_eoe
Algorithm #2 (sum):       56955 7 license_eoe
MD5 checksum:             38232F3DE67373875577B167B2DA2DA3

Filename:                 license_eoe.books
Algorithm #1 (sum -r):    33405 809 license_eoe.books
Algorithm #2 (sum):       53177 809 license_eoe.books
MD5 checksum:             D1D931936AB681A7B259BD75DCA6D7F9

Filename:                 license_eoe.idb
Algorithm #1 (sum -r):    59742 54 license_eoe.idb
Algorithm #2 (sum):       32839 54 license_eoe.idb
MD5 checksum:             4F7EE6965539FCFEEDE07E3FFD71CF5A

Filename:                 license_eoe.man
Algorithm #1 (sum -r):    58166 271 license_eoe.man
Algorithm #2 (sum):       23426 271 license_eoe.man
MD5 checksum:             41946D8E27032A929350B2C27D065DE5

Filename:                 license_eoe.sw
Algorithm #1 (sum -r):    29827 7692 license_eoe.sw
Algorithm #2 (sum):       52617 7692 license_eoe.sw
MD5 checksum:             720EF1907DD0C3113CB4A98AD602010B

   **** IRIX 6.0, 6.0.1 ****

The 6.0.x versions of IRIX are not vulnerable as no license manager
subsystems were released for these IRIX versions. No action is required.

   **** IRIX 6.1 ****

The license manager software provided with IRIX 6.1 is version 1.0 of the
License Tools, license_eoe subsystem for IRIX 6.1. This version is not
vulnerable to these security issues.

However, if an upgrade of the License Tools, license_eoe subsystem was done
(see above section on determining version installed with versions command),
then a security vulnerability might exist. In order to remove this
vulnerability, either a downgrade to version 1.0 of the License Tools,
license_eoe subsystem is required or upgrade the entire IRIX version to 6.2
and apply version 3.0 of the License Tools, license_eoe subsystem.
   **** IRIX 6.2 ****

For the IRIX operating system version 6.2 an inst-able new version of
software has been generated and made available via anonymous FTP and your
service/support provider. The software is version 3.0 of the License Tools,
license_eoe subsystem and will install on IRIX 6.2 only.

The SGI anonymous FTP site is sgigate.sgi.com (204.94.209.1) or its mirror,
ftp.sgi.com. Software is referred to as License6.2.tar and can be found in
the following directories on the FTP server:

   ~ftp/Security

      or

   ~ftp/Patches/6.2

   ##### Checksums ####

The actual software will be a tar file containing the following files:

Filename:                 license_eoe
Algorithm #1 (sum -r):    53638 7 license_eoe
Algorithm #2 (sum):       7547 7 license_eoe
MD5 checksum:             05A65EE03BEE71A464D4B7AB9962F228

Filename:                 license_eoe.books
Algorithm #1 (sum -r):    03494 907 license_eoe.books
Algorithm #2 (sum):       25664 907 license_eoe.books
MD5 checksum:             AE86ED7D3C36F67C2505C06C41FCD174

Filename:                 license_eoe.idb
Algorithm #1 (sum -r):    15441 58 license_eoe.idb
Algorithm #2 (sum):       59702 58 license_eoe.idb
MD5 checksum:             811CD48FA5BD57E79B4D36839185EED9

Filename:                 license_eoe.man
Algorithm #1 (sum -r):    63961 271 license_eoe.man
Algorithm #2 (sum):       25496 271 license_eoe.man
MD5 checksum:             3086F992150A673C5110CCC16E20CA96

Filename:                 license_eoe.sw
Algorithm #1 (sum -r):    05953 7483 license_eoe.sw
Algorithm #2 (sum):       33599 7483 license_eoe.sw
MD5 checksum:             BE52C7C2CCDAB2B491F6FA0412E4A66D

   **** IRIX 6.3 ****

The license manager software provided with this version of IRIX is not
vulnerable to these security issues.

------------------------
--- Acknowledgments ---
------------------------

Silicon Graphics wishes to thank the AUSCERT group for their cooperation in
this matter.

-----------------------------------------
--- SGI Security Information/Contacts ---
-----------------------------------------

If there are questions about this document, email can be sent to
cse-security-alert@csd.sgi.com.
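The two checks the Solution section asks an administrator to make, reading `versions license_eoe` for a License Tools release older than 3.0 and comparing the unpacked License tar against the advisory's MD5 checksums, as an added Python example (not SGI's code). The `versions` output and the two-file manifest below are constructed from the advisory text; the function names are my own.

```python
import hashlib
import re
from pathlib import Path

# Constructed `versions license_eoe` output, shortened from the advisory's example.
VERSIONS_OUTPUT = """\
I = Installed, R = Removed
   Name                  Date        Description
I  license_eoe           02/13/96    License Tools 1.0
I  license_eoe.sw        02/13/96    License Tools 1.0 Software
"""

# Two entries of the advisory's IRIX 5.3 checksum section, in the layout SGI uses.
ADVISORY_5_3 = """\
Filename:                 license_eoe
Algorithm #1 (sum -r):    01409 7 license_eoe
Algorithm #2 (sum):       56955 7 license_eoe
MD5 checksum:             38232F3DE67373875577B167B2DA2DA3
Filename:                 license_eoe.sw
Algorithm #1 (sum -r):    29827 7692 license_eoe.sw
Algorithm #2 (sum):       52617 7692 license_eoe.sw
MD5 checksum:             720EF1907DD0C3113CB4A98AD602010B
"""

def installed_license_tools(versions_output):
    """(major, minor) of the installed license_eoe product, or None if not installed."""
    m = re.search(r"^I\s+license_eoe\s+\S+\s+License Tools (\d+)\.(\d+)", versions_output, re.M)
    return (int(m.group(1)), int(m.group(2))) if m else None

def needs_update(versions_output):
    """True when License Tools is installed but older than the fixed 3.0 release."""
    version = installed_license_tools(versions_output)
    return version is not None and version < (3, 0)

def parse_md5_manifest(advisory_text):
    """Map each 'Filename:' entry of an SGI checksum section to its MD5 (lower-case hex)."""
    pairs = re.findall(r"Filename:\s*(\S+).*?MD5 checksum:\s*([0-9A-Fa-f]{32})", advisory_text, re.S)
    return {name: md5.lower() for name, md5 in pairs}

def verify_contents(manifest, contents):
    """Verdict per manifest entry ('ok', 'mismatch' or 'missing') for in-memory file bytes."""
    verdicts = {}
    for name, expected in manifest.items():
        data = contents.get(name)
        if data is None:
            verdicts[name] = "missing"
        else:
            verdicts[name] = "ok" if hashlib.md5(data).hexdigest() == expected else "mismatch"
    return verdicts

def verify_directory(manifest, directory):
    """Same check against the files unpacked from License5.3.tar into `directory`."""
    d = Path(directory)
    return verify_contents(manifest, {n: (d / n).read_bytes() for n in manifest if (d / n).is_file()})
```

A 'missing' verdict matters as much as a 'mismatch': an archive that lacks one of the listed files should not be fed to inst.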
------oOo------

Silicon Graphics provides security information and patches for use by the
entire SGI community. This information is freely available to any person
needing the information and is available via anonymous FTP and the Web.

The primary SGI anonymous FTP site for security information and patches is
sgigate.sgi.com (204.94.209.1). Security information and patches are
located under the directories ~ftp/security and ~ftp/patches, respectively.
The Silicon Graphics Security Headquarters Web page is accessible at the
URL http://www.sgi.com/Support/Secur/security.html.

For issues with the patches on the FTP sites, email can be sent to
cse-security-alert@csd.sgi.com.

For assistance obtaining or working with security patches, please contact
your SGI support provider.

------oOo------

Silicon Graphics provides a free security mailing list service called
wiretap and encourages interested parties to self-subscribe to receive (via
email) all SGI Security Advisories when they are released.

Subscribing to the mailing list can be done via the Web
(http://www.sgi.com/Support/Secur/wiretap.html) or by sending email to SGI
as outlined below.

   % mail wiretap-request@sgi.com
   subscribe wiretap <YourEmailAddress>
   end
   ^d

In the example above, <YourEmailAddress> is the email address that you wish
the mailing list information sent to. The word end must be on a separate
line to indicate the end of the body of the message. The control-d (^d) is
used to indicate to the mail program that you are finished composing the
mail message.

------oOo------

Silicon Graphics provides a comprehensive customer World Wide Web site. This
site is located at http://www.sgi.com/Support/Secur/security.html.

------oOo------

For reporting *NEW* SGI security issues, email can be sent to
security-alert@sgi.com or contact your SGI support provider. A support
contract is not required for submitting a security report.