Standard security holes are plentiful in the MGE UPS software
Ryan Murray <rmurray@PC-42839.BC.ROGERS.WAVE.CA>
Those running vulnerable versions of MGE UPS software. It apparently runs on Solaris, AIX, SCO, etc.
12 April 1998
Date: Sun, 12 Apr 1998 23:46:39 -0700
From: Ryan Murray <rmurray@PC-42839.BC.ROGERS.WAVE.CA>
Subject: MGE UPS Systems
While on the subject of UPS software exploits, I have run across another one.
MGE UPS's (http://www.mgeups.com/) Solution Pac software firstly installs as
mode 666/777, which, although easy to correct, should be fixed.
Next, the programs, when starting up, create lock files in /tmp:
These files are created with mode 666, and ignore the current umask.
I sent a message to MGEUPS 4 months ago with this information, but have had no
If you are running the software, you may want to clear /tmp at boot, at least
for the lock files. Otherwise any user can turn any file on the system to 0
Ryan Murray (firstname.lastname@example.org, email@example.com)
BCIT Computer Resources, Academic Services Student Proctor
BCIT Computer Systems Technology Student: Data Communications Option
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces: