COMMAND

    /usr/local/flexlm

SYSTEMS AFFECTED

    Systems using FLEXlm

PROBLEM

    Due to some confusion in the documentation supplied to vendors
    using the FLEXlm package, the FLEXlm licence management software
    often runs with root privileges.  This often occurs due to the
    FLEXlm daemons being started by the system initialisation
    scripts.  If the daemons are running with root privileges they
    may be used by local users to gain unauthorised root privileges.
    This potentially affects all versions of the FLEXlm licence
    management daemon.

    A vulnerability has also been found in the FLEXlm licence
    management daemon which may allow local users unauthorised access
    to the account running the FLEXlm licence management daemon.  This
    vulnerability exists in all versions of the FLEXlm licence
    management daemon from version 4.0 up to, and including, version
    5.0a.

SOLUTION

    GLOBEtrotter Software advise that the FLEXlm licence management
    software does not require root privileges to operate.  The FLEXlm
    licence management daemon should be run by a non-privileged user.
    All versions of the FLEXlm licence management daemon from version
    4.0 up to, and including, version 5.0a should be upgraded
    immediately (latest version 5.0b).
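
    One way to check a host for the condition described above, as an
    added example that is not part of the original advisory.  It assumes
    the licence manager daemon is named lmgrd and that vendor daemons
    run as its child processes; the sample process table, the "flexlm"
    account and the "vendord" name are constructed.

```shell
#!/bin/sh
# Added example: report FLEXlm daemons that are running as root.
# Assumption: the licence manager is "lmgrd"; vendor daemons are its children.
# Live use (POSIX ps, headers suppressed):
#   ps -e -o user= -o pid= -o ppid= -o comm= | flexlm_root_daemons

# Reads "user pid ppid comm" lines on stdin; prints one line per
# root-owned lmgrd process and per root-owned child of any lmgrd.
flexlm_root_daemons() {
    awk '
        NR == 1 && $2 == "PID" { next }      # tolerate a ps header line
        { user[$2] = $1; ppid[$2] = $3; comm[$2] = $4; order[++n] = $2 }
        END {
            # Pass 1: mark every lmgrd process (strip any leading path).
            for (i = 1; i <= n; i++) {
                p = order[i]
                name = comm[p]; sub(/^.*\//, "", name)
                is_lmgrd[p] = (name == "lmgrd")
            }
            # Pass 2: lmgrd itself, or a process whose parent is lmgrd.
            for (i = 1; i <= n; i++) {
                p = order[i]
                flex = is_lmgrd[p] || ((ppid[p] in is_lmgrd) && is_lmgrd[ppid[p]])
                if (flex && (user[p] == "root" || user[p] == "0"))
                    printf "%s pid=%s user=%s\n", comm[p], p, user[p]
            }
        }'
}

# Constructed sample process table: one lmgrd tree started as root by an
# init script, and one started under a non-privileged "flexlm" account.
SAMPLE_PS='root 1 0 init
root 412 1 /usr/local/flexlm/lmgrd
root 413 412 vendord
flexlm 900 1 lmgrd
flexlm 901 900 vendord
root 950 1 sshd'

printf '%s\n' "$SAMPLE_PS" | flexlm_root_daemons
```

    Any line of output names a daemon that should be restarted under a
    non-privileged account.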