MGE UPS serious security holes

Description:Standard security holes are plentiful in the MGE UPS software
Author:Ryan Murray <rmurray@PC-42839.BC.ROGERS.WAVE.CA>
Compromise: root (local)
Vulnerable Systems:Those running vulnerable versions of MGE UPS software. It apparently runs on Solaris, AIX, SCO, etc.
Date:12 April 1998

Date: Sun, 12 Apr 1998 23:46:39 -0700
From: Ryan Murray <rmurray@PC-42839.BC.ROGERS.WAVE.CA>
Subject: MGE UPS Systems

While on the subject of UPS software exploits, I have run across another one.

MGE UPS's ( Solution Pac software firstly installs as
mode 666/777, which, although easy to correct, should be fixed.

Next, the programs, when starting up, create lock files in /tmp:

These files are created with mode 666, and ignore the current umask.
I sent a message to MGEUPS 4 months ago with this information, but have had no

If you are running the software, you may want to clear /tmp at boot, at least
for the lock files.  Otherwise any user can turn any file on the system to 0

Ryan Murray (,
BCIT Computer Resources, Academic Services Student Proctor
BCIT Computer Systems Technology Student: Data Communications Option

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resources: