Original issue date: January 6, 1997<BR>
Last revised: September 26, 1997<BR>
Updated copyright statement
<P>A complete revision history is at the end of this file.
<HR><BR>
<P>The text of this advisory was originally released on September 19,
1996, as AUSCERT Advisory AA-96.03 "Multi-platform Unix FLEXlm
Vulnerabilities," developed by Australian Computer Emergency
Response Team. Because of the seriousness of the problem, we are
reprinting the AUSCERT advisory here with their permission. Only the
contact information at the end has changed: AUSCERT contact
information has been replaced with CERT/CC contact information.
<P>We will update this advisory as we receive additional
information. Look for it in an "Updates" section at the end
of the advisory.
<P>
<HR><BR>
<P>AUSCERT has received information concerning several problems
involving the use of the FLEXlm licence management package on Unix
systems. FLEXlm is used by many vendors to licence their products, and
is supplied to them by GLOBEtrotter Software (previously, it was
supplied by Highland Software). Many vendors have misconfigured the
FLEXlm system to run as the root user, and some versions of the FLEXlm
licence management daemon lmgrd contain a security
vulnerability. These problems may allow local users to create users to
create arbitrary files on the system and execute arbitrary programs
using the privileges of the user running the FLEXlm daemons.
<P>System administrators are advised that the FLEXlm package may be
installed as part of the installation procedures of other vendor and
third-party products. Due to the way that the licence management
software is often installed, it may be unnecessarily running as root
making it possible to gain unauthorised privileged access.
<P>This means that the FLEXlm package may be installed on systems and
running as the root user without the knowledge of the system
administrator.
<P>Note that the vulnerabilities described here do not affect the
security of the FLEXlm licences and licencing restriction. The
vulnerabilities allow users to compromise security of the Operating
System.
<P>
<HR Width ="100%"></P>
<H2>1. Description </H2>
<P>The FLEXlm licence management package is used by many vendors to
licence their products. Many vendors have misconfigured the FLEXlm
system to run as the root user which opens a number of computer
security vulnerabilities which can be used to compromise the Unix
operating system. This is described in paragraph (a).
<P>In addition, some versions of the FLEXlm licence management daemon
lmgrd contain a security vulnerability. This is described in paragraph
(b).
<P><B>(a) Insecure configuration of vendor product installation</B>
<P>Due to some confusion in the documentation supplied to vendors
using the FLEXlm package, the FLEXlm licence management software often
runs with root privileges. This often occurs due to the FLEXlm daemons
being started by the system initialisation scripts. If the daemons are
running with root privileges they may be used by local users to gain
unauthorised root privileges. This potentially affects all versions
of the FLEXlm licence management daemon.
<P>GLOBEtrotter Software advise that the FLEXlm package does not
require root privileges to operate correctly. FLEXlm daemons should be
started by a non-privileged user with a restrictive umask setting,
limiting the associated configuration vulnerabilities.
<P><B>(b) Security vulnerability in FLEXlm licence management daemon</B>
<P>A vulnerability has been found in the FLEXlm licence management
daemon which may allow local users unauthorised access to the account
running the FLEXlm licence management daemon.
<P>This vulnerability exists in all versions of the FLEXlm licence
management daemon from version 4.0 up to, and including, version
5.0a. A new version of the daemon has been made available by
GLOBEtrotter Software that fixes this vulnerability. See Section
3.4.
<P>Versions earlier than version 4.0 do not have this
vulnerability. GLOBEtrotter Software advise that all existing versions
of the lmgrd daemon may be updated to the most recent version (version
5.0b) without change in functionality. This version of lmgrd will
work successfully with all existing FLEXlm-licensed products. See
Section 3.4.
<H3>1.1 Additional Description Information</H3>
<P>This section contains additional information on locating any FLEXlm
components, determining the configuration of those components, and
identifying information required for the Workarounds/Solutions in
Section 3.
<P><B>(a) Vendor configurations may be customised</B>
<P>Vendors using the FLEXlm licence management package to licence their
products have the ability to customise FLEXlm to meet their own needs.
This may include names, locations, and content of many files, in addition
to how the software is installed and used. Therefore, care is required
in locating any vulnerable software or configurations, and implementing
workaround solutions.
<P><B>(b) Determining if FLEXlm is installed </B>
<P>The FLEXlm licence management package is often installed as part of
the installation procedures of other vendor and third-party
products. The system administrator may not be aware that FLEXlm has
been installed.
<P>The following command run as root should determine if the FLEXlm
licence management software is installed.
<P># find /etc -type f -exec egrep -il 'lmgrd|flexlm|licdir' {} \;
<P>Any files listed should be investigated further to see if they relate
to the FLEXlm licence management product.
<P>In particular, it is important to locate the FLEXlm licence
management initialisation files (the files where FLEXlm licence
management daemons are started from) as these will become important
when discussing the Workarounds/Solutions in Section 3.
<P><B>(c) Determining the version of the FLEXlm licence management
daemon(s)</B>
<P>The version of the FLEXlm licence management daemon can be
determined by examining the strings(1) output of the binary daemon and
searching for the strings "Copyright" and
"FLEXlm".
<P>For example:
<P># strings /usr/local/flexlm/licences/lmgrd | grep -i copyright | grep
-i flexlm
<P>Note that more than one version of the FLEXlm licence management
daemon may be executing, depending on what products are installed.
<P>The version number is also written to stdout (which may have been
redirected to a log file) when the licence management daemon is
started.
<P><B>(d) Identifying the user running the FLEXlm licence management daemons
</B></P>
<P>The licence management daemon is often called "lmgrd" or
some derivative containing the string "lmgrd" (for example,
lmgrd.abc). On some products, the name of the licence management
daemon may have been changed to an arbitrary name (for example,
lm_ABC4.ld). It should be possible to locate most running versions of
the licence management daemon by examining the files identified in
Section 1.1(b) or by using one of the following commands (Note this
may locate other processes not related to FLEXlm, and may not locate
all FLEXlm related processes):
<UL>
<P>% ps -auxww | grep -i lm | grep -v grep<BR>
#BSD systems</P>
<P>% ps -ef | grep -i lm | grep -v grep <BR>
# SYS V systems</P>
</UL>
<P>If any licence management daemon is running as the root user, then
a number of vulnerabilities exist as the daemon was not designed to be
run with root privileges.
<P>Note that more than one FLEXlm licence management daemon may be
running depending on what products have been installed. It is
important to check for all running versions of the daemon.
<P><B>(e) Locating the licence management files </B></P>
<P>Each licence management daemon has an associated licence file. The licence
file is usually specified by the "-c" option on the command line,
the LM_LICENSE_FILE environment variable, or is found in the default location
/usr/local/flexlm/licenses/license.dat. The licence file describes which
products the daemon is administering and the location of associated daemons.
The licence files become important when discussing the Workarounds/Solutions
in Section 3.
<H2>2. Impact </H2>
<P>Any versions of the FLEXlm licence management daemons executing
using a system account (for example, bin, daemon, sys) or a privileged
account (such as root) may allow local users to create or overwrite
arbitrary files on the system. This may be leveraged to gain root
access.
<P>FLEXlm licence management daemons containing the security
vulnerability (indicated in Section 1(b)) may allow local users
unauthorised access to the account running the daemons.
<P>Information on gaining unauthorised access to Unix systems using
the FLEXlm Licence Management software has been widely distributed.
<H2>3. Workarounds/Solution </H2>
<P>Note that all four (4) sections should be reviewed and implemented
if appropriate. Each section addresses a different problem.
<P>After the installation of ANY product or upgrade, the system must
be checked to verify if a FLEXlm licence management daemon has been
added. If a FLEXlm licence management daemon has been added, then
Sections 3.1 to 3.4 of this Advisory should be applied to it to ensure
a more secure configuration.
<H3>3.1 Run as a non-privileged user</H3>
<P>GLOBEtrotter Software advise that the FLEXlm licence management
software does not require root privileges to operate. The FLEXlm
licence management daemon should be run by a non-privileged user.
<P>If the licence management daemon is executing with root or some
other system account permissions (such as bin, sys, daemon or any
other system account), it must be modified to use a non-privileged
user.
<P>If the licence management daemon is already executing as a
non-privileged user, then the remainder of Section 3.1 may be
skipped.
<P>It is recommended that a new user "flexlm" be created for
the specific purpose of running the FLEXlm licence management
daemon. In this case, Steps 3.1.1 through 3.1.5 should be
followed.
<H4>3.1.1 Create a non-privileged account for use by FLEXlm.</H4>
<P>For example: </P>
<P>flexlm:*:2000:250:FLEXlm Licence Manager:/nonexistent:/bin/sh </P>
<P>Note the account must have the following properties: </P>
<P>.password set to '*' as interactive access is not required <BR>
.a unique userid (the 2000 is only an example) <BR>
.a unique groupid (the 250 is only an example)<BR>
.a shell of /bin/sh </P>
<P>The following instructions refer to this account as the
"flexlm user". If the FLEXlm daemons were already running as
a non-privileged user, then this will be the "flexlm user"
below.
<H4>3.1.2 Locate the licence file(s). </H4>
<P>These may be identified in one of three ways: <BR>
. specified by the "-c" option to the FLEXlm licence daemons
<BR>
. specified by the LM_LICENSE_FILE environment variable <BR>
. located in the default location: /usr/local/flexlm/licenses/license.dat</P>
<P>Note that there is always a single licence file for each licence daemon,
but there may be more than one licence daemon running on a system. </P>
<H4>3.1.3 The licence management daemons must use a non-privileged TCP port for communication. The port number chosen may be arbitrary, but all clients must be configured to use the same port. </H4>
<P>The port is specified in the licence data file on the SERVER line. It
is the fourth (4th) field on this line. For example:</P>
<P>SERVER xyzzy 123456789 1234 </P>
<P>the port number is 1234. </P>
<H4>3.1.4 Locate where the FLEXlm licence management daemon is started.</H4>
<P>This is often in the system startup scripts, but may not exclusively
be so. An example startup line is: </P>
<P>$licdir/$lmgrd -c $licdir/$licfile >> /tmp/license_log 2>&1
& </P>
<P>Logging information is written to stdout by the daemons, and is often
redirected to a log file when the daemon is started. </P>
<H4>3.1.5 Modify the line in the FLEXlm startup files that starts the licence management daemon to look similar to the following: </H4>
<P>su flexlm -c "{original command line in startup file}" </P>
<P>where flexlm is the user created in Step 3.1.1. Note that the logging
information that is written to stdout from the daemon should not be written
to files in /tmp or other world writable directories, but to a specially
created directory that the flexlm user can write log information to. </P>
<P>For example: </P>
<P>su flexlm -c "$licdir/$lmgrd -c ... >> /var/log/flexlm/license_log
2>&1 &" </P>
<H3>3.2 File Ownership </H3>
<P>Regardless of which user is executing the FLEXlm licence management
software, additional security vulnerabilities may allow a user to gain
unauthorised access to the account running the daemon or engage in denial
of service attacks by deleting files.</P>
<P>These vulnerabilities may be limited if you ensure that no files on
the system are owned or are writable by the flexlm user. The possible exception
to this requirement is log files (see Section 3.1.4) and temporary files.
All licence and FLEXlm executable files must be readable or executable
by the flexlm user. Additional daemons required by the FLEXlm licence management
daemon are specified in the licence data files (located in Section 3.1.2)
on the DAEMON line. </P>
<P>These file ownership and mode changes should be done for all versions
of FLEXlm. </P>
<P>Note that some vendors may have installed the FLEXlm software owned
by the flexlm user. This configuration should be modified as detailed in
this section. </P>
<H3>3.3 umask Setting </H3>
<P>The FLEXlm licence management daemons inherit the umask setting from
the environment in which they are started. When FLEXlm is started as part
of the system initialisation procedures, the umask is inherited from init(1M)
and is usually set to 000. The FLEXlm licence management daemons inherit
the umask setting from the environment in which they are started. When
FLEXlm is started as part of the system initialisation procedures, the
umask is inherited from <I>init(1M)</I> and is usually set to 000. This
means that FLEXlm will open files which are world and group writable. A
more appropriate umask setting is 022.<BR>
<BR>
This should be done for all versions of FLEXlm. <BR>
<BR>
The umask can be set in the FLEXlm startup files which were identified
in Section 3.1.4. This should be the first command executed in the startup
script for FLEXlm licence management daemons. <BR>
For example: </P>
<P>#!/bin/sh<BR>
umask 022 # add this line here rest of the FLEXlm startup file</P>
<H3>3.4 Vendor Patch for Vulnerability</H3>
<P>GLOBEtrotter Software have made a new version of the FLEXlm licence
management daemon (version 5.0b) available which rectifies the reported
vulnerability in Section 1(b). <BR>
<BR>
All versions of the FLEXlm licence management daemon from version 4.0 up
to, and including, version 5.0a should be upgraded immediately. <BR>
<BR>
GLOBEtrotter Software advise that all versions of the FLEXlm lmgrd may
be upgraded to the latest version (version 5.0b) without loss of existing
functionality. This version of lmgrd will work successfully with all existing
FLEXlm-licensed products. <BR>
<BR>
Note that there may be more than one copy of FLEXlm's lmgrd on your system
that requires upgrading, depending on what products are installed. The
existing licence management daemon(s) should be replaced with the new version,
but the location and file name of the version you are replacing should
be preserved. <BR>
<BR>
Version 5.0b of the FLEXlm licence management daemon may be found at <BR>
</P>
<P><A HREF="http://www.globetrotter.com/lmgrd.htm">http://www.globetrotter.com/lmgrd.htm</A>
</P>
<P><BR>
MD5 (alpha_u1/lmgrd) = 40ec89f3c9cfcdecfaa442d59db179e1 <BR>
MD5 (decs_u4/lmgrd) = 0cd60373d0f0bef8f7a2de290306490b <BR>
MD5 (hal_u5/lmgrd) = 1e678c62d6346480c6ce097df1a6c708 <BR>
MD5 (hp300_u8/lmgrd) = ffbdf1c581fd383ca01ba239230f2964 <BR>
MD5 (hp700_u8/lmgrd) = f972b3a449cd57e8d472a0394613e076 <BR>
MD5 (i86_d4/lmgrd) = 37256e1abe50116c504b6d2f83a23c55 <BR>
MD5 (i86_l1/lmgrd) = f1bbfdf13d1145fb3b18afb063b93ac3 <BR>
MD5 (i86_x5/lmgrd) = e6623c2124205512fc9ed21bc9aee061 <BR>
MD5 (ncr_u2/lmgrd) = 0919251ca4321dfaa166e008f8d34899 <BR>
MD5 (nec_u2/lmgrd) = 7e1ae2664219f59e0c26b1a1d97838df <BR>
MD5 (ppc_u4/lmgrd) = d4d038cd5bdfa4c44d2523cf11461d63 <BR>
MD5 (ppc_x5/lmgrd) = f1aae597d4052734b4e01cac76407cf6 <BR>
MD5 (rm400_u5/lmgrd) = cb2d48efa809cbb3457f835f2db47926<BR>
MD5 (rs6000_u3/lmgrd) = fadf0fc424f1fcc11cd04fe8678b79cf <BR>
MD5 (sco_u3/lmgrd) = e288917fb8fac8fdc8f1f2a9d985eb50 <BR>
MD5 (sgi_u4/lmgrd) = 0637f1dae3adb5d7a3597b6d486e18af <BR>
MD5 (sgi_u5/lmgrd) = 31f1f1d1b02917f4c9c062c33e4636a4 <BR>
MD5 (sgir8_u6/lmgrd) = ba0892403ef4bebf38ad22831d3d8183 <BR>
MD5 (sony_u4/lmgrd) = 032b4521333e7583afd0f783f5555522 <BR>
MD5 (sun4_u4/lmgrd) = f87130d077d4d1cc8469d9818a085d33 <BR>
MD5 (sun4_u5/lmgrd) = 36a2930f3dcbe92155866e7a9864b8a5 <BR>
<BR>
A copy of these files will be available until 31-Oct-1996 from: <BR>
</P>
<P><A HREF="ftp://ftp.auscert.org.au/pub/mirrors/ftp.globetrotter.com/flexlm/unix/">ftp://ftp.auscert.org.au/pub/mirrors/ftp.globetrotter.com/flexlm/unix/</A>
</P>
<H2>4. Additional information </H2>
<H3>4.1 User Manual and Frequently Asked Questions</H3>
<P>GLOBEtrotter Software have a user manual that describes the FLEXlm Licence
Management system which is available to all users. A FAQ (Frequently Asked
Questions) document containing useful information is also available. These
can be located at: <BR>
</P>
<P><A HREF="http://www.globetrotter.com/manual.htm">http://www.globetrotter.com/manual.htm<BR>
</A><A HREF="http://www.globetrotter.com/faq.htm">http://www.globetrotter.com/faq.htm</A></P>
<H3>4.2 Additional Vendor Information</H3>
<P>GLOBEtrotter Software have made available some additional information
concerning these security vulnerabilities. It can be accessed at: </P>
<P><A HREF="http://www.globetrotter.com/auscert.htm">http://www.globetrotter.com/auscert.htm</A>
</P>
<H3>4.3 General misconfiguration description</H3>
<P>The misconfiguration of the FLEXlm licence management daemon is a generic
problem where software that was not designed to be run with root privileges
automatically gains those privileges as a result of being started by the
system initialisation scripts. Only those programs that require root privileges
should be run as root. <BR>
Attention is drawn to the Unix Secure Programming Checklist which addresses
this issue, in addition to others. The checklist is available from: </P>
<P><A HREF="ftp://ftp.auscert.org.au/pub/auscert/papers/secure_programming_checklist">ftp://ftp.auscert.org.au/pub/auscert/papers/secure_programming_checklist</A>
</P>
<P>
<HR Width="100%"></P>
<P>AUSCERT thanks Peter Marelas from The Fulcrum Consulting Group, GLOBEtrotter
Software, DFN-CERT, CERT/CC, and Sun Microsystems for their advice and
cooperation in this matter.</P>
<P>
<HR></P>
<H2>UPDATES </H2>
<H3>Silicon Graphics, Inc.</H3>
<P>The solution to this problem is to install version 3.0 of the the License
Tools, license_eoe subsystem. <BR>
To determine the version of License Tools installed on a particular system,
the following command can be used: </P>
<P>% versions license_eoe </P>
<P>I = Installed, R = Removed </P>
<CENTER><TABLE BORDER=1 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" HEIGHT="25%" >
<TR>
<TD>Name</TD>
<TD>Date</TD>
<TD>Description </TD>
</TR>
<TR>
<TD>I license_eoe</TD>
<TD>02/13/96</TD>
<TD>License Tools 1.0</TD>
</TR>
<TR>
<TD>I license_eoe.man</TD>
<TD>02/13/96</TD>
<TD>License Tools 1.0 Manual Pages</TD>
</TR>
<TR>
<TD>I license_eoe.man.license_eoe</TD>
<TD>02/13/96</TD>
<TD>LIcense Tools 1.0 Manual Pages</TD>
</TR>
<TR>
<TD>I license_eoe.man.relnotes</TD>
<TD>02/13/96</TD>
<TD>License Tools 1.0 Release Notes</TD>
</TR>
<TR>
<TD>I license_eoe.sw</TD>
<TD>02/13/96</TD>
<TD>License Tools 1.0 Software</TD>
</TR>
<TR>
<TD>I license_eoe.sw.license_eoe</TD>
<TD>02/13/96</TD>
<TD>License Tools 1.0 Software</TD>
</TR>
</TABLE></CENTER>
<P><BR>
In the above case, version 1.0 of the License Tools is installed and the
steps below should be performed. If the output returned indicates "License
Tools 3.0," the latest license subsystem is installed and no further
action is required. <BR>
<BR>
**** IRIX 4.x **** <BR>
The 4.x version of IRIX is not vulnerable as no license manager subsystems
were released for this IRIX version. No action is required. <BR>
<BR>
**** IRIX 5.0.x, 5.1.x, 5.2 **** <BR>
The 5.0.x, 5.1.x and 5.2 versions of IRIX are not vulnerable as no license
manager subsystems were released for these IRIX versions. No action is
required. <BR>
<BR>
**** IRIX 5.3 **** <BR>
For the IRIX operating system version 5.3 an inst-able new version of software
has been generated and made available via anonymous FTP and your service/support
provider. The software is version 3.0 of the License Tools, license_eoe
subsystem and will install on IRIX 5.3 only. </P>
<P>The SGI anonymous FTP site is sgigate.sgi.com (204.94.209.1) or its
mirror, ftp.sgi.com. Software is referred to as License5.3.tar and can
be found in the following directories on the FTP server: </P>
<P>~ftp/Security <BR>
or <BR>
~ftp/Patches/5.3 <BR>
<BR>
##### Checksums #### <BR>
The actual software will be a tar file containing the following files:
</P>
<P>Filename: license_eoe<BR>
Algorithm #1 (sum -r): 01409 7 license_eoe<BR>
Algorithm #2 (sum): 56955 7 license_eoe<BR>
MD5 checksum: 38232F3DE67373875577B167B2DA2DA3 </P>
<P>Filename: license_eoe.books<BR>
Algorithm #1 (sum -r): 33405 809 license_eoe.books<BR>
Algorithm #2 (sum): 53177 809 license_eoe.books<BR>
MD5 checksum: D1D931936AB681A7B259BD75DCA6D7F9 </P>
<P>Filename: license_eoe.idb<BR>
Algorithm #1 (sum -r): 59742 54 license_eoe.idb<BR>
Algorithm #2 (sum): 32839 54 license_eoe.idb<BR>
MD5 checksum: 4F7EE6965539FCFEEDE07E3FFD71CF5A </P>
<P>Filename: license_eoe.man<BR>
Algorithm #1 (sum -r): 58166 271 license_eoe.man<BR>
Algorithm #2 (sum): 23426 271 license_eoe.man<BR>
MD5 checksum: 41946D8E27032A929350B2C27D065DE5 </P>
<P>Filename: license_eoe.sw<BR>
Algorithm #1 (sum -r): 29827 7692 license_eoe.sw<BR>
Algorithm #2 (sum): 52617 7692 license_eoe.sw<BR>
MD5 checksum: 720EF1907DD0C3113CB4A98AD602010B </P>
<P>**** IRIX 6.0, 6.0.1 ***** <BR>
The 6.0.x versions of IRIX are not vulnerable as no license manager subsystems
were released for these IRIX versions. No action is required. </P>
<P>**** IRIX 6.1 **** <BR>
The license manager software provided with IRIX 6.1 is version 1.0 of the
License Tools, license_eoe subsystem for IRIX 6.1. This version is not
vulnerable to these security issues. <BR>
<BR>
However, if an upgrade of the License Tools, license_eoe subsystem was
done (see above section on determining version installed with versions
command), then a security vulnerability might exist. In order to remove
this vulnerability, either a downgrade to version 1.0 of the License Tools,
license_eoe subsystem is required or upgrade the entire IRIX version to
6.2 and apply the version 3.0 of the License Tools, license_eoe subsystem.
<P>**** IRIX 6.2 **** <BR>
For the IRIX operating system version 6.2 an inst-able new version of software
has been generated and made available via anonymous FTP and your service/support
provider. The software is version 3.0 of the License Tools, license_eoe
subsystem and will install on IRIX 6.2 only. <BR>
<BR>
The SGI anonymous FTP site is sgigate.sgi.com (204.94.209.1) or its mirror,
ftp.sgi.com. Software is referred to as License6.2.tar and can be found
in the following directories on the FTP server: <BR>
<BR>
~ftp/Security <BR>
or <BR>
~ftp/Patches/6.2 <BR>
<BR>
##### Checksums #### <BR>
<BR>
The actual software will be a tar file containing the following files:
</P>
<P>Filename: license_eoe<BR>
Algorithm #1 (sum -r): 53638 7 license_eoe<BR>
Algorithm #2 (sum): 7547 7 license_eoe<BR>
MD5 checksum: 05A65EE03BEE71A464D4B7AB9962F228 <BR>
<BR>
Filename: license_eoe.books<BR>
Algorithm #1 (sum -r): 03494 907 license_eoe.books<BR>
Algorithm #2 (sum): 25664 907 license_eoe.books<BR>
MD5 checksum: AE86ED7D3C36F67C2505C06C41FCD174 <BR>
<BR>
Filename: license_eoe.idb<BR>
Algorithm #1 (sum -r): 15441 58 license_eoe.idb<BR>
Algorithm #2 (sum): 59702 58 license_eoe.idb<BR>
MD5 checksum: 811CD48FA5BD57E79B4D36839185EED9 <BR>
<BR>
Filename: license_eoe.man<BR>
Algorithm #1 (sum -r): 63961 271 license_eoe.man<BR>
Algorithm #2 (sum): 25496 271 license_eoe.man<BR>
MD5 checksum: 3086F992150A673C5110CCC16E20CA96 <BR>
<BR>
Filename: license_eoe.sw<BR>
Algorithm #1 (sum -r): 05953 7483 license_eoe.sw<BR>
Algorithm #2 (sum): 33599 7483 license_eoe.sw<BR>
MD5 checksum: BE52C7C2CCDAB2B491F6FA0412E4A66D <BR>
<BR>
**** IRIX 6.3 **** <BR>
The license manager softwares provided with this version of<BR>
IRIX are not vulnerable to these security issues. </P>
<H3>Sun Microsystems, Inc.</H3>
The following patches are now available from Sun. <BR>
<BR>
Patch-ID# 104174-01<BR>
Keywords: CERT security license FLEXlm<BR>
Synopsis: FLEXlm Licensing (SUNWlicsw, SUNWlit): CERT security advisory
patch <BR>
Date: Jan/13/97 <BR>
<BR>
Solaris Release: 2.4 2.5 <BR>
<BR>
SunOS Release: 5.4 5.5 <BR>
<BR>
Patch-ID# 104186-01<BR>
Keywords: CERT security license FLEXlm<BR>
Synopsis: FLEXlm (SUNWlicsw, SUNWlit): CERT security advisory patch <BR>
Date: Jan/13/97 <BR>
<BR>
Solaris Release: 2.4_x86 2.5_x86 2.5.1_x86 <BR>
<BR>
SunOS Release: 5.4_x86 5.5_x86 5.5.1_x86 <BR>
<BR>
Patch-ID# 104217-01<BR>
Keywords: CERT security license FLEXlm<BR>
Synopsis: FLEXlm (SUNWlicsw, SUNWlit) 4.1: CERT security advisory patch
<BR>
</P>
<!--#include virtual="/include/footer_nocopyright.html" -->
<P>Copyright 1997 Carnegie Mellon University.</P>
<HR>
Revision History
<PRE>
Sep. 26, 1997 Updated copyright statement
Jan. 22, 1997 Updates - Added SGI and Sun patch information.
</PRE>
|