5829230 2000-12-06 19:07 +0100  /81 lines/ Mattias Dartsch <matze@JOONIX.DE>
Sent by: joel@lysator.liu.se
Imported: 2000-12-07  00:29  by Brevbäraren (which is implemented in) Python
External recipient: BUGTRAQ@SECURITYFOCUS.COM
External replies to: matze@JOONIX.DE
Recipient: Bugtraq (import) <14076>
Subject: apcupsd 3.7.2 Denial of Service
------------------------------------------------------------
From: Mattias Dartsch <matze@JOONIX.DE>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <023f01c05faf$784afdf0$0200a8c0@joonix.de>

Title:    apcupsd 3.7.2 Denial of Service

Affected Application:    apcupsd daemon

Affected Versions:    3.7.2 and possibly earlier

Not affected:    3.8.0 and above

Affected Platforms:    all Linux / Unix

Vulnerability Class:    Denial of Service (local)

Author Notified:    Yes    July 12th 2000

Fix available:    Yes (included)


Description:

Apcupsd is a daemon for controlling most of APC's UPS models on Unix
and Windows machines. The Unix daemon runs as root and shuts the
machine down cleanly in case of a power failure.


Problem:

During startup apcupsd creates a PID file named "apcupsd.pid" in
/var/run (the directory is system specific) containing the process ID
of the daemon. The shutdown script reads this file to find and kill
the daemon process.

Unfortunately the PID file is created world-writable (mode 666,
-rw-rw-rw-). A local user can overwrite it with arbitrary process IDs;
those processes are then killed instead of apcupsd whenever the daemon
is restarted or stopped, including during system shutdown or reboot.
Because the stop script runs as root, any process on the machine can
be targeted this way, and the whole system can be crashed.


Solution:

Upgrade to apcupsd version 3.8.0.

It's available at:

http://www.sibbald.com/apcupsd/
http://www.oasi.gpa.it/riccardo/linux/apcupsd/
ftp://ftp.oasi.gpa.it/pub/apcupsd/


Users who don't want to upgrade can add the following lines to the
"start" section of the apcupsd startup script in /etc/rc.d or
/sbin/init.d. Note that this is a best-effort workaround: the file is
still world-writable between the moment the daemon creates it and the
chmod, and a PID written during that window is not undone by the
chmod. Only the upgrade removes the problem at its source.

---begin---

    start)
        rm -f /etc/apcupsd/powerfail
        rm -f /etc/nologin
        echo -n "Starting apcupsd power management"
        $APCUPSD || return=$rc_failed

        # Give the daemon a moment to create the PID file (up to 5 s),
        # then take away the group/world write bits it was created with.
        for i in 1 2 3 4 5; do
            [ -f /var/run/apcupsd.pid ] && break
            sleep 1
        done
        chmod 644 /var/run/apcupsd.pid

        echo -e "$return"
    ;;

---end---
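The workaround above fixes the file mode after the fact, but the stop
script is still the part that blindly trusts whatever number is in the
PID file. The following is an added example (not apcupsd's own script;
the function names and the default path are assumptions made here) of a
stop routine that refuses to act on a PID file that is group- or
world-writable, not owned by the caller, non-numeric, or that names a
process which is not the program it is supposed to stop. It works on
Linux via /proc and falls back to ps elsewhere.

```shell
#!/bin/sh
# Added example: a hardened replacement for "kill $(cat /var/run/apcupsd.pid)"
# in a stop/shutdown script. Not apcupsd's own code; the function names and
# the default path are assumptions made for this example.

# pid_comm PID -> prints the command name of PID, fails if PID is gone.
pid_comm() {
    if [ -r "/proc/$1/comm" ]; then          # Linux
        cat "/proc/$1/comm"
    else                                     # other Unix: ask ps
        ps -o comm= -p "$1"
    fi
}

# safe_kill_from_pidfile PIDFILE EXPECTED_COMM [SIGNAL]
# Exit status 0: a process named EXPECTED_COMM was signalled.
# Exit status 1: the PID file was rejected (not ours, group/world-writable,
#                non-numeric, PID 1, or the PID no longer belongs to
#                EXPECTED_COMM).
safe_kill_from_pidfile() {
    pidfile=$1
    want=$2
    sig=${3:-TERM}

    # Must be a regular file owned by the caller (root when run from rc).
    [ -f "$pidfile" ] && [ -O "$pidfile" ] || return 1

    # Refuse group- or world-writable files: that is exactly the 3.7.2 bug.
    perms=$(ls -ld "$pidfile" | cut -c1-10)      # e.g. -rw-rw-rw-
    case "$perms" in
        ?????w*|????????w*) return 1 ;;          # group w (pos 6) / other w (pos 9)
    esac

    # The content must be a single positive integer, and never PID 1.
    pid=$(head -n 1 "$pidfile" | tr -d ' \t\r')
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$pid" -gt 1 ] || return 1

    # The PID must still belong to the program we expect to stop.
    comm=$(pid_comm "$pid") || return 1
    [ "$comm" = "$want" ] || return 1

    kill -s "$sig" "$pid"
}

# Usage from the stop) section of the rc script:
#   safe_kill_from_pidfile /var/run/apcupsd.pid apcupsd \
#       || echo "apcupsd: PID file rejected, not killing anything" >&2
```

The command-name check is what actually defeats the attack described
above: even if an attacker manages to write a victim PID into the file,
the script only sends the signal when that PID currently belongs to a
process named apcupsd. The mode and ownership checks turn the 3.7.2
condition into a loud refusal instead of a silent kill of the wrong
process.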



Mattias Dartsch

matze@joonix.de