COMMAND

    lmdown (part of FlexLM)

SYSTEMS AFFECTED

    Systems with FlexLM

PROBLEM

    Valdis Kletnieks found the following.  Well, here's an  oldie but
    goodie, which we first saw at least 3 years ago.  It's  apparently
    STILL broken.

    FlexLM  'lmdown'  command  will  chow  your  license  server  from
    anywhere on the Internet - all  you need is a copy of  the license
    file.  The  authentication appears to  be "Well, you  appear to be
    root on the  machine that you  typed 'lmdown' on".   In fact,  you
    don't even  need the  license file.   At least  on "(lmgrd) FLEXlm
    (v6.0d)",  all  you  needed  was  your  own  file that had 'SERVER
    hostname bozo-number  port'.   Changing bozo-number  didn't affect
    the ability to shut down the server.  All you probably need to  do
    is figure out the packet format, and launch one.

SOLUTION

    Start the server with lmdown disabled.  All you need to do is  add
    the "-x lmdown" and "-x lmremove" options to the command line when
    you start lmgrd.  That  disables the remote shutdown  and  license
    removal features  that  open  the  vulnerability.   Note that once
    lmdown is disabled  the  server  has  to  be  stopped  locally (for
    example by signalling  the  lmgrd  process)  rather than  with the
    lmdown command, so adjust any shutdown scripts accordingly.
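
    The following audit script is an added example and is not part of
    the original advisory or of FlexLM.  It checks whether each running
    lmgrd was started with both "-x lmdown" and "-x lmremove" (the real
    lmgrd options named above); the ps snapshot, paths and license file
    names in it are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory or FlexLM): audit lmgrd command
# lines for the "-x lmdown" / "-x lmremove" hardening options.
#
# A hardened start line looks like (paths assumed for illustration):
#   /opt/flexlm/bin/lmgrd -x lmdown -x lmremove -c license.dat -l lmgrd.log

# Constructed sample of what `ps -eo args=` might print on a license host.
# The first lmgrd lacks the options, the second has them, sshd is noise.
SAMPLE_PS='/opt/flexlm/bin/lmgrd -c /opt/flexlm/license.dat -l /var/log/lmgrd.log
/opt/flexlm/bin/lmgrd -x lmdown -x lmremove -c /opt/flexlm/license2.dat
/usr/sbin/sshd -D'

# lmgrd_hardened CMDLINE
#   Returns 0 when the command line carries both "-x lmdown" and
#   "-x lmremove" as whole tokens, 1 otherwise.
lmgrd_hardened() {
    case " $1 " in
        *" -x lmdown "*) ;;
        *) return 1 ;;
    esac
    case " $1 " in
        *" -x lmremove "*) return 0 ;;
        *) return 1 ;;
    esac
}

# unhardened_lmgrd PS_OUTPUT
#   Prints every lmgrd command line that lacks the two options and
#   returns the number of such processes (0 means all lmgrd hardened).
unhardened_lmgrd() {
    n=0
    while IFS= read -r line; do
        case "$line" in
            *lmgrd*)
                if ! lmgrd_hardened "$line"; then
                    printf 'UNHARDENED: %s\n' "$line"
                    n=$((n + 1))
                fi
                ;;
        esac
    done <<EOF
$1
EOF
    return "$n"
}

# Stand-alone run against the constructed sample; on a real host use
#   unhardened_lmgrd "$(ps -eo args=)"
rc=0
unhardened_lmgrd "$SAMPLE_PS" || rc=$?
echo "unhardened lmgrd processes: $rc"
```

    The token-based match avoids false positives from a license file or
    log path that happens to contain the string "lmdown"; the function's
    exit status is the count, so a cron job can alert on anything other
    than zero.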