Home page logo
/

bugtraq logo Bugtraq mailing list archives

MGE UPS Systems
From: rmurray () PC-42839 BC ROGERS WAVE CA (Ryan Murray)
Date: Sun, 12 Apr 1998 23:46:39 -0700


While on the subject of UPS software exploits, I have run across another one.

MGE UPS's (http://www.mgeups.com/) Solution Pac software firstly installs as
mode 666/777, which, although easy to correct, should be fixed.

Next, the programs, when starting up, create lock files in /tmp:
COM_init.lock
MON_init.lock

These files are created with mode 666, and ignore the current umask.
I sent a message to MGEUPS 4 months ago with this information, but have had no
reply.

If you are running the software, you may want to clear /tmp at boot, at least
for the lock files.  Otherwise any user can turn any file on the system to 0
bytes.

--
Ryan Murray (rmurray () lightspeed bc ca, rmurray () bcit bc ca)
BCIT Computer Resources, Academic Services Student Proctor
BCIT Computer Systems Technology Student: Data Communications Option



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault