
MGE UPS - Inappropriate Permissions



Vulnerability

    UPS

Affected

    Systems running MGE UPS Systems

Description

    Ryan Murray found the following. MGE UPS's Solution Pac software
    first installs its files as mode 666/777, which, although easy to
    correct, should be fixed. Next, the programs, when starting up,
    create lock files in /tmp:

        COM_init.lock
        MON_init.lock

    These files are created with mode 666, and ignore the current
    umask.

Solution

    As for the first problem, just change the permissions. As for the
    second problem, you may want to clear /tmp at boot, at least for
    the lock files. Otherwise any user can turn any file on the system
    to 0 bytes.
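
    An audit and cleanup sketch for both problems, added here as an
    example and not taken from the advisory or from MGE. The install
    directory is passed as an argument because the advisory does not
    give its path, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. The install directory is an argument
# because the advisory does not give its path; function names are hypothetical.

# Problem 1: list files and directories under $1 that are world-writable.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Problem 1 fix: drop group/other write on everything flagged above.
fix_install_perms() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod go-w {} +
}

# Problem 2: inspect the two lock files named in the advisory inside $1
# (default /tmp). Prints one finding per line, returns 1 on any finding.
check_lock_files() {
    dir=${1:-/tmp}
    rc=0
    for name in COM_init.lock MON_init.lock; do
        f="$dir/$name"
        if [ -L "$f" ]; then
            # A lock file should be a regular file, never a link.
            echo "LINK $f -> $(readlink "$f")"
            rc=1
        elif [ -f "$f" ] && [ -n "$(find "$f" -perm -0002)" ]; then
            echo "WORLD-WRITABLE $f"
            rc=1
        fi
    done
    return $rc
}

# Problem 2 workaround (boot script): remove stale lock files. rm unlinks
# the directory entry itself and does not follow a link to its target.
clear_lock_files() {
    dir=${1:-/tmp}
    rm -f -- "$dir/COM_init.lock" "$dir/MON_init.lock"
}
```

    Run check_lock_files before clear_lock_files in the boot script so
    that any finding is logged before the files are removed.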

