[6501] in bugtraq


MGE UPS Systems

daemon@ATHENA.MIT.EDU (Ryan Murray)
Mon Apr 13 11:12:40 1998

Mail-Followup-To: BUGTRAQ@NETSPACE.ORG
Date: 	Sun, 12 Apr 1998 23:46:39 -0700
Reply-To: rmurray@lightspeed.bc.ca
From: Ryan Murray <rmurray@PC-42839.BC.ROGERS.WAVE.CA>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.GSO.3.96.980410230211.26535A-100000@peregrine.cs.jhu.edu>;
              from Theo Schlossnagle on Fri, Apr 10, 1998 at 11:13:02PM -0400

While on the subject of UPS software exploits, I have run across another one.

MGE UPS's (http://www.mgeups.com/) Solution Pac software firstly installs as
mode 666/777, which, although easy to correct, should be fixed.

Next, the programs, when starting up, create lock files in /tmp:
COM_init.lock
MON_init.lock

These files are created with mode 666, and ignore the current umask.
I sent a message to MGEUPS 4 months ago with this information, but have had no
reply.

If you are running the software, you may want to clear /tmp at boot, at least
for the lock files.  Otherwise any user can turn any file on the system to 0
bytes.

--
Ryan Murray (rmurray@lightspeed.bc.ca, rmurray@bcit.bc.ca)
BCIT Computer Resources, Academic Services Student Proctor
BCIT Computer Systems Technology Student: Data Communications Option
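
As an added example (not part of the original post and not MGE's code), this shell sweep checks a directory for the two lock file names given in the post and unlinks any entry that is a symlink, non-regular, world-writable or hard-linked, without ever writing through it. The function names and finding labels are hypothetical; only the file names and the 666 mode come from the post.

```shell
#!/bin/sh
# Added example: pre-start sweep for the lock files named in the post.
# LOCK_NAMES come from the post; the directory to check is passed as an argument.
LOCK_NAMES="COM_init.lock MON_init.lock"

# check_lock DIR NAME: print one finding and return 1 if the entry is unsafe;
# return 0 if it is absent or a private, singly linked regular file.
check_lock() {
    path="$1/$2"
    if [ -L "$path" ]; then                 # tests the link itself, not its target
        echo "SYMLINK $path -> $(readlink "$path")"
        return 1
    fi
    [ -e "$path" ] || return 0              # nothing there yet
    if [ ! -f "$path" ]; then
        echo "NOT_REGULAR $path"
        return 1
    fi
    if [ -n "$(find "$path" -prune -perm -0002 -print)" ]; then
        echo "WORLD_WRITABLE $path"         # e.g. the mode 666 described in the post
        return 1
    fi
    if [ -n "$(find "$path" -prune -links +1 -print)" ]; then
        echo "HARDLINKED $path"             # same inode is reachable under another name
        return 1
    fi
    return 0
}

# sweep_locks DIR: check every known lock name and unlink unsafe entries.
# rm removes the directory entry only, so a symlink's target is left untouched.
# Returns 0 if every entry was clean, 1 if anything was flagged.
sweep_locks() {
    flagged=0
    for name in $LOCK_NAMES; do
        if ! check_lock "$1" "$name"; then
            flagged=1
            rm -f -- "$1/$name" || echo "COULD_NOT_REMOVE $1/$name"
        fi
    done
    return "$flagged"
}

# Run only when a directory is given, e.g. `sh sweep.sh /tmp` from a boot script.
if [ "$#" -gt 0 ]; then
    sweep_locks "$1"
fi
```

Run it ahead of the UPS software in the boot sequence. It only cleans up what is already in the directory and does not change the mode the software uses when it creates the files afterwards.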
