MGE UPS serious security holes

Summary

Description:	Standard security holes are plentiful in the MGE UPS software
Author:	Ryan Murray <rmurray@PC-42839.BC.ROGERS.WAVE.CA>
Compromise:	root (local)
Vulnerable Systems:	Those running vulnerable versions of MGE UPS software. It apparently runs on Solaris, AIX, SCO, etc.
Date:	12 April 1998

Details

Date: Sun, 12 Apr 1998 23:46:39 -0700
From: Ryan Murray <rmurray@PC-42839.BC.ROGERS.WAVE.CA>
To: BUGTRAQ@NETSPACE.ORG
Subject: MGE UPS Systems

While on the subject of UPS software exploits, I have run across another one.

MGE UPS's (http://www.mgeups.com/) Solution Pac software firstly installs as
mode 666/777, which, although easy to correct, should be fixed.

Next, the programs, when starting up, create lock files in /tmp:
COM_init.lock
MON_init.lock

These files are created with mode 666, and ignore the current umask.
I sent a message to MGEUPS 4 months ago with this information, but have had no
reply.

If you are running the software, you may want to clear /tmp at boot, at least
for the lock files.  Otherwise any user can turn any file on the system to 0
bytes.

--
Ryan Murray (rmurray@lightspeed.bc.ca, rmurray@bcit.bc.ca)
BCIT Computer Resources, Academic Services Student Proctor
BCIT Computer Systems Technology Student: Data Communications Option

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:

All OS's	Linux	Solaris/SunOS	Micro$oft
*BSD	Macintosh	AIX	IRIX
ULTRIX/Digital UNIX	HP/UX	SCO	Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resources: