Apcupsd 3.7.2 Inappropriate Permissions



Vulnerability

    apcupsd

Affected

    apcupsd 3.7.2

Description

    Mattias Dartsch found the following.  Apcupsd is a daemon for
    controlling most of APC's UPS models on Unix and Windows machines.
    The Unix daemon runs as root and shuts the machine down in case of
    a power failure.

    During startup apcupsd creates a PID-file named "apcupsd.pid" in
    /var/run (system specific, maybe another directory) containing the
    ID of the daemon process.  The shutdown script uses this PID-file
    to kill the daemon process.

    Unfortunately this PID-file is world-writable (mode 666,
    -rw-rw-rw-).  A malicious user can overwrite the file with
    arbitrary process IDs.  Those processes will then be killed
    instead of the apcupsd process when the apcupsd daemon is
    restarted or stopped and during system shutdown or restart.  The
    whole system can be crashed this way.

Solution

    Upgrade to apcupsd Version 3.8.0.  It's available at:

        http://www.sibbald.com/apcupsd/
        http://www.oasi.gpa.it/riccardo/linux/apcupsd/
        ftp://ftp.oasi.gpa.it/pub/apcupsd/

    Users who don't want to upgrade can add two lines to the "start"
    section in the apcupsd startup script in /etc/rc.d or
    /sbin/init.d:

    start)
        rm -f /etc/apcupsd/powerfail
        rm -f /etc/nologin
        echo -n "Starting apcupsd power management"
        $APCUPSD || return=$rc_failed

        # give the daemon a little time to create the PID-file
        sleep 1

        # now simply chmod the PID-file to mode 644
        chmod 644 /var/run/apcupsd.pid

        echo -e "$return"
    ;;

    For Linux-Mandrake:

        Linux-Mandrake 7.2: 7.2/RPMS/apcupsd-3.8.0-1.1mdk.i586.rpm
                            7.2/SRPMS/apcupsd-3.8.0-1.1mdk.src.rpm

    The problem is a missing umask() in the main program code; this
    was fixed in Version 3.8.0.  The fix above was intended as a
    temporary solution for people who DON'T want to upgrade or
    recompile; they only have to alter the /etc/rc.d/apcupsd script.
    Setting a umask in a /etc/rc.d script can lead to strange side
    effects.
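
    How a missing umask() produces a mode 666 PID-file, and how the
    file can be created so that its mode does not depend on the umask.
    This is an added example, not apcupsd's code: the fopen() call, the
    zero umask, the function names and the demo path are assumptions
    made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Permission bits of path, or -1 if it cannot be stat()ed. */
static int file_mode(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Weak: fopen() asks for 0666 and relies on the umask to strip bits,
 * so a daemon running with umask 0 leaves the file world-writable. */
int write_pid_weak(const char *path, pid_t pid) {
    FILE *fp;
    unlink(path);                       /* start from a fresh file */
    if ((fp = fopen(path, "w")) == NULL)
        return -1;
    fprintf(fp, "%ld\n", (long)pid);
    fclose(fp);
    return file_mode(path);
}

/* Hardened: ask for 0644, refuse an existing file or symlink (O_EXCL),
 * and fchmod() so the result does not depend on the inherited umask. */
int write_pid_hardened(const char *path, pid_t pid) {
    char buf[32];
    int fd, len = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    unlink(path);
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0)
        return -1;
    if (fchmod(fd, 0644) != 0 || write(fd, buf, (size_t)len) != len) {
        close(fd);
        unlink(path);
        return -1;
    }
    close(fd);
    return file_mode(path);
}

int main(void) {
    const char *path = "apcupsd-demo.pid";   /* constructed demo path */
    umask(0);                                /* assumed daemon umask */
    printf("weak:     %04o\n", (unsigned)write_pid_weak(path, getpid()));
    printf("hardened: %04o\n", (unsigned)write_pid_hardened(path, getpid()));
    unlink(path);
}
```

    Because the hardened variant sets the mode at creation, it leaves
    no interval in which the file is writable by other users, unlike
    the "sleep 1" followed by chmod in the startup script workaround.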

