Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: APC UPS PowerChute PLUS exploit...
From: xx_cdunham () APCC COM (Carl Dunham)
Date: Tue, 21 Apr 1998 12:21:34 -0400


Rick is correct, currently the proper way to avoid this exposure to
crashing is to set the powerchute.ini file as described.

After seeing Theo's original posting, we looked into the issue and we
plan on adding some error-checking code to avoid crashes if a bad packet
is received.  This fix will make its way into PowerChute updates over
the next several months.

Thanks to everyone who contributed to this thread. APC is very much
interested in keeping PowerChute robust and secure (for obvious
reasons). Any future problems can be  quickly reported via our Web site
at http://www.apcc.com/english/svice/techs/contact_support.cfm. If you
don't get the response there you expect, please don't hesitate to
contact me directly.

Thanks,

Carl A. Dunham
Engineering Team Leader
American Power Conversion


Please respond to perry () NEWS VILL EDU
To:   BUGTRAQ () NETSPACE ORG
cc:    (bcc: Carl Dunham)
From: perry () NEWS VILL EDU on 04/13/98 12:11 PM AST
Subject:      Re: APC UPS PowerChute PLUS exploit...



Theo Schlossnagle <jesus () blaze cs jhu edu> writes:
The PowerChute PLUS software distributed with the UPSs provides a TCP/IP
(UDP/IP) way to communicate with (for monitoring) UPS on the local subnet.
It listens on port 6549 and listens for broadcast requests (UDP).
So if you make as if you are actually requesting information, but send it
the wrong packet... Well end of ./_upsd (the name of the daemon).

I believe that the powerchute software will not listen on the net if you
have the following in powerchute.ini

[ Network ]
 UseTCP = NO

I didn't yet try your exploit, but with UseTCP set to NO this machine doesn't
show up in the list of remote ups's when using the powerchute admin interface
from another machine on the same subnet.

....Rick         perry () ece vill edu, http://www.ece.vill.edu/~perry  [PGP]



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault