Subject: apcupsd 3.7.2 Denial of Service
From: Mattias Dartsch (matze JOONIX.DE)
Date: Wed Dec 06 2000 - 12:07:11 CST
Title: apcupsd 3.7.2 Denial of Service
Affected Application: apcupsd daemon
Affected Versions: 3.7.2 and maybe prior
Not affected: 3.8.0 and above
Affected Platforms: all Linux / Unix
Vulnerability Class: Denial of Service (local)
Author Notified: Yes July 12th 2000
Fix available: Yes (included)
Description:
Apcupsd is a daemon for controlling most of APC's UPS models on Unix and
Windows machines. The Unix daemon runs as root and shuts the machine down in
case of a power failure.
Problem:
During startup apcupsd creates a PID-file named "apcupsd.pid" in /var/run
(system specific, maybe other directory) with the ID of the daemon process.
This PID-file is used by the shutdown-script to kill the daemon process.
Unfortunately this PID-file is world-writeable (Mode 666, -rw-rw-rw-). A
malicious user can overwrite the file with arbitrary process IDs; these
processes will be killed instead of the apcupsd process during restart or
stop of the apcupsd daemon and during system shutdown or restart. The whole
system can be crashed this way.
Solution:
Upgrade to apcupsd version 3.8.0.
It's available at:
http://www.sibbald.com/apcupsd/
http://www.oasi.gpa.it/riccardo/linux/apcupsd/
ftp://ftp.oasi.gpa.it/pub/apcupsd/
Users who don't want to upgrade can add two lines to the "start" section in
the apcupsd startup script in /etc/rc.d or /sbin/init.d:
---begin---
start)
    rm -f /etc/apcupsd/powerfail
    rm -f /etc/nologin
    echo -n "Starting apcupsd power management"
    $APCUPSD || return=$rc_failed
    # give the daemon some little time to create the PID-file
    sleep 1
    # now simply chmod the PID-file to Mode 644
    chmod 644 /var/run/apcupsd.pid
    echo -e "$return"
    ;;
---end---
Mattias Dartsch
matze joonix.de
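
An added example (not part of the original post and not apcupsd's own code): a guard a stop script can apply before signalling whatever PID a file such as /var/run/apcupsd.pid contains. The function names, the default owner UID of 0, and the use of `ps -o comm=` to match the process name are assumptions of this example.

```sh
#!/bin/sh
# Added example: checks a stop script can make before trusting a PID file.

# pidfile_is_safe FILE [OWNER_UID]
# Succeeds only if FILE is a regular file (not a symlink), is owned by
# OWNER_UID (assumed default: 0, root), is not group- or world-writable,
# and contains exactly one numeric PID greater than 1.
pidfile_is_safe() {
    f=$1
    want_uid=${2:-0}
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # "ls -ldn" prints the mode string in field 1 and the numeric UID in field 3.
    meta=$(ls -ldn "$f" | awk '{print $1 " " $3}') || return 1
    mode=${meta% *}
    uid=${meta#* }
    [ "$uid" = "$want_uid" ] || return 1
    case $mode in
        ?????w*|????????w*) return 1 ;;   # group-write or other-write bit set
    esac
    pid=$(cat "$f") || return 1
    case $pid in
        ''|*[!0-9]*) return 1 ;;          # empty, multi-line or non-numeric
    esac
    [ "$pid" -gt 1 ]
}

# pid_is_daemon PID NAME
# Succeeds only if the process with that PID has command name NAME.
pid_is_daemon() {
    [ "$(ps -o comm= -p "$1" 2>/dev/null)" = "$2" ]
}

# stop_daemon PIDFILE NAME [OWNER_UID]
# Sends SIGTERM only when both checks pass; otherwise refuses and returns 1.
stop_daemon() {
    pidfile_is_safe "$1" "${3:-0}" || {
        echo "refusing: $1 failed owner/mode/content check" >&2; return 1; }
    pid=$(cat "$1")
    pid_is_daemon "$pid" "$2" || {
        echo "refusing: PID $pid is not $2" >&2; return 1; }
    kill -TERM "$pid"
}

# Usage in a stop) branch: stop_daemon /var/run/apcupsd.pid apcupsd
```

The same `pidfile_is_safe` check can be run over every file in the PID directory as a periodic audit for files left with mode 666.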