Bugtraq mailing list archives
Re: APC UPS PowerChute PLUS exploit...
From: perry () NEWS VILL EDU (Rick Perry)
Date: Mon, 13 Apr 1998 12:11:39 -0400
Theo Schlossnagle <jesus () blaze cs jhu edu> writes:
The PowerChute PLUS software distributed with the UPSs provides a TCP/IP (UDP/IP) way to communicate with (for monitoring) UPS on the local subnet. It listens on port 6549 and listens for broadcast requests (UDP). So if you make as if you are actually requesting information, but send it the wrong packet... Well end of ./_upsd (the name of the daemon).
I believe that the powerchute software will not listen on the net if you have the following in powerchute.ini

[ Network ]
UseTCP = NO

I didn't yet try your exploit, but with UseTCP set to NO this machine doesn't show up in the list of remote ups's when using the powerchute admin interface from another machine on the same subnet.

...Rick
perry () ece vill edu, http://www.ece.vill.edu/~perry
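
Added example, not part of the original message or of APC's software: a check that a powerchute.ini carries the UseTCP = NO setting described above, plus a local test of whether anything still holds UDP port 6549. The function names and sample file contents are constructed, and treating section and key names as case-insensitive is an assumption.

```python
import errno
import re
import socket

# Constructed samples; a real powerchute.ini has many more sections and keys.
SAMPLE_OFF = "[ Network ]\n UseTCP = NO\n"
SAMPLE_ON = "[ Network ]\n UseTCP = YES\n"
SAMPLE_WRONG_SECTION = "[ Devices ]\n UseTCP = NO\n[ Network ]\n Other = 1\n"

def network_use_tcp(ini_text):
    """Return UseTCP from the Network section (upper-cased), or None if absent."""
    section, value = None, None
    for raw in ini_text.splitlines():
        line = raw.strip()
        # Headers may be padded, as in "[ Network ]".
        header = re.fullmatch(r"\[\s*(.*?)\s*\]", line)
        if header:
            section = header.group(1).lower()
        elif section == "network" and "=" in line:
            key, _, val = line.partition("=")
            if key.strip().lower() == "usetcp":
                value = val.strip().upper()
    return value

def audit(ini_text):
    """Classify a file: 'disabled', 'enabled', or 'unset' (key not in Network)."""
    value = network_use_tcp(ini_text)
    if value is None:
        return "unset"
    return "disabled" if value == "NO" else "enabled"

def udp_port_bound(port=6549):
    """True if some local process already holds the UDP port named in the thread."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.bind(("0.0.0.0", port))
        return False
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return True
        raise
    finally:
        s.close()

if __name__ == "__main__":
    for name, text in [("off", SAMPLE_OFF), ("on", SAMPLE_ON), ("wrong", SAMPLE_WRONG_SECTION)]:
        print(name, audit(text))
    print("UDP 6549 bound locally:", udp_port_bound())
```

Run it on the UPS host after restarting the daemon: a "disabled" result together with a still-bound port means the setting did not have the effect described.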