Bugtraq mailing list archives
Re: APC UPS PowerChute PLUS exploit...
From: xx_cdunham () APCC COM (Carl Dunham)
Date: Tue, 21 Apr 1998 12:21:34 -0400
Rick is correct, currently the proper way to avoid this exposure to crashing is to set the powerchute.ini file as described.

After seeing Theo's original posting, we looked into the issue and we plan on adding some error-checking code to avoid crashes if a bad packet is received. This fix will make its way into PowerChute updates over the next several months.

Thanks to everyone who contributed to this thread. APC is very much interested in keeping PowerChute robust and secure (for obvious reasons). Any future problems can be quickly reported via our Web site at http://www.apcc.com/english/svice/techs/contact_support.cfm. If you don't get the response there you expect, please don't hesitate to contact me directly.

Thanks,
Carl A. Dunham
Engineering Team Leader
American Power Conversion

Please respond to perry () NEWS VILL EDU

To: BUGTRAQ () NETSPACE ORG
cc: (bcc: Carl Dunham)
From: perry () NEWS VILL EDU on 04/13/98 12:11 PM AST
Subject: Re: APC UPS PowerChute PLUS exploit...

Theo Schlossnagle <jesus () blaze cs jhu edu> writes:

> The PowerChute PLUS software distributed with the UPSs provides a TCP/IP
> (UDP/IP) way to communicate with (for monitoring) UPS on the local subnet.
> It listens on port 6549 and listens for broadcast requests (UDP).
> So if you make as if you are actually requesting information, but send it
> the wrong packet... Well end of ./_upsd (the name of the daemon).

I believe that the powerchute software will not listen on the net if you have the following in powerchute.ini

    [ Network ]
    UseTCP = NO

I didn't yet try your exploit, but with UseTCP set to NO this machine doesn't show up in the list of remote ups's when using the powerchute admin interface from another machine on the same subnet.

....Rick
perry () ece vill edu, http://www.ece.vill.edu/~perry [PGP]
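
A local check for the workaround discussed in this thread, as an added example that is not part of the original posts or APC's code: it reads powerchute.ini text for `UseTCP = NO` in the Network section and tests whether UDP port 6549 is still bound on the host. The function names, the `;`/`#` comment characters, and treating a missing key as "still listening" are assumptions.

```python
import errno
import re
import socket

# Section headers in the thread are written "[ Network ]", with padding
# inside the brackets, so match them tolerantly.
SECTION_RE = re.compile(r"^\[\s*(.*?)\s*\]$")

def network_listener_disabled(ini_text):
    """Return True only if [Network] UseTCP is explicitly set to NO."""
    section, value = None, None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # assumed comment characters
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section == "network" and "=" in line:
            key, _, val = line.partition("=")
            if key.strip().lower() == "usetcp":
                value = val.strip().lower()  # assumption: last entry wins
    # A missing key is reported as not disabled (fail closed).
    return value == "no"

def udp_port_in_use(port=6549):
    """Return True if some local process already holds the UDP port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.bind(("", port))
    except OSError as e:
        if e.errno == errno.EADDRINUSE:
            return True
        raise
    finally:
        s.close()
    return False

if __name__ == "__main__":
    # Constructed sample matching the fragment quoted in the thread.
    sample = "[ Network ]\nUseTCP = NO\n"
    print("UseTCP disabled in config:", network_listener_disabled(sample))
    print("UDP 6549 bound locally:", udp_port_in_use())
```

If the config reports the listener as disabled but the port is still bound, the daemon has probably not been restarted since the file was edited.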