Vulnerability

UPS

Affected

Systems running MGE UPS Systems

Description

Ryan Murray found the following. MGE UPS's Solution Pac software first installs its files as mode 666/777, which, although easy to correct, should be fixed. Next, the programs, when starting up, create lock files in /tmp:

    COM_init.lock
    MON_init.lock

These files are created with mode 666 and ignore the current umask.

Solution

For the first problem, just change the permissions. For the second problem, you may want to clear /tmp at boot, at least for the lock files. Otherwise any user can turn any file on the system to 0 bytes.
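
The two fixes above can be checked and applied with a small script. This is an added example, not part of the original advisory or of MGE's software. The function names are hypothetical, the install directory is passed as an argument because the advisory does not name one, and the symlink check is an added precaution.

```shell
#!/bin/sh
# Added example: audit and fix helpers for the two problems in the advisory.
# The install directory is passed in; the advisory does not name one.

# Problem 1: list every world-writable file or directory under $1.
audit_install_dir() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null | sort
}

# "Just change permissions": drop the world-write bit below $1.
fix_install_perms() {
    chmod -R o-w "$1"
}

# Problem 2: inspect one lock file; print a finding and return 1 if unsafe.
check_lock() {
    f=$1
    if [ -L "$f" ]; then            # a link here is never expected (added check)
        echo "SYMLINK $f"; return 1
    fi
    [ -e "$f" ] || return 0         # absent is fine
    if [ -n "$(find "$f" -prune -perm -0002 -print)" ]; then
        echo "WORLD-WRITABLE $f"; return 1
    fi
    return 0
}

# Check both lock names from the advisory in directory $1 (normally /tmp).
audit_locks() {
    rc=0
    for name in COM_init.lock MON_init.lock; do
        check_lock "$1/$name" || rc=1
    done
    return $rc
}

# Boot-time cleanup: remove only the two lock files; rm unlinks a symlink
# itself and never touches what it points to.
clear_locks() {
    for name in COM_init.lock MON_init.lock; do
        rm -f -- "$1/$name"
    done
}

# Usage: sh audit.sh <install-dir> [lock-dir]
if [ "$#" -ge 1 ]; then
    audit_install_dir "$1"
    audit_locks "${2:-/tmp}" || echo "lock files need attention"
fi
```

Calling clear_locks /tmp from a boot script, before the UPS programs start, covers the second fix without wiping the rest of /tmp.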