Vulnerability

    UPS

Affected

    Systems running MGE UPS Systems

Description

    Ryan  Murray  found  following.   MGE  UPS's Solution Pac software
    firstly installs as mode 666/777, which, although easy to correct,
    should be  fixed.   Next, the  programs, when  starting up, create
    lock files in /tmp:

        COM_init.lock
        MON_init.lock

    These files  are created  with mode  666, and  ignore the  current
    umask.

Solution

    As for  first problem,  just change  permissions.   As for  second
    problem, you may want to clear /tmp at boot, at least for the lock
    files.  Otherwise any  user can turn any  file on the system  to 0
    bytes.