MGE UPS serious security holes

Summary
Description:Standard security holes are plentiful in the MGE UPS software
Author:Ryan Murray <rmurray@PC-42839.BC.ROGERS.WAVE.CA>
Compromise: root (local)
Vulnerable Systems:Those running vulnerable versions of MGE UPS software. It apparently runs on Solaris, AIX, SCO, etc.
Date:12 April 1998
Details


Date: Sun, 12 Apr 1998 23:46:39 -0700
From: Ryan Murray <rmurray@PC-42839.BC.ROGERS.WAVE.CA>
To: BUGTRAQ@NETSPACE.ORG
Subject: MGE UPS Systems

While on the subject of UPS software exploits, I have run across another one.

MGE UPS's (http://www.mgeups.com/) Solution Pac software firstly installs as
mode 666/777, which, although easy to correct, should be fixed.

Next, the programs, when starting up, create lock files in /tmp:
COM_init.lock
MON_init.lock

These files are created with mode 666, and ignore the current umask.
I sent a message to MGEUPS 4 months ago with this information, but have had no
reply.

If you are running the software, you may want to clear /tmp at boot, at least
for the lock files.  Otherwise any user can turn any file on the system to 0
bytes.

--
Ryan Murray (rmurray@lightspeed.bc.ca, rmurray@bcit.bc.ca)
BCIT Computer Resources, Academic Services Student Proctor
BCIT Computer Systems Technology Student: Data Communications Option

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault