APC < 3.8.0 apcupsd Multiple Vulnerabilities

This script is Copyright (C) 2003-2011 Tenable Network Security, Inc.


Synopsis :

The remote host is running an application that is affected by
multiple vulnerabilities.

Description :

The remote host is running the apcupsd client which, according to its
version number, is affected by multiple vulnerabilities :

- The configuration file '/var/run/apcupsd.pid' is by
default world-writable. A local attacker could rewrite
this file with other process IDs in order to crash the
affected system.

- An issue exists in the 'log_event' function which a
local attacker could exploit in order to execute
arbitrary code.

- Several buffer overflow vulnerabilities have been
reported which a remote attacker could exploit in order
to execute arbitrary code on the remote host.

*** Nessus solely relied on the version number of the
*** remote server, so this might be a false positive

See also :

http://archives.neohapsis.com/archives/bugtraq/2000-12/0066.html
http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html

Solution :

Upgrading to apcupsd version 3.8.0 or newer reportedly fixes the issue.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : false

Family: Gain a shell remotely

Nessus Plugin ID: 11484 (apcupsd_overflows.nasl)

Bugtraq ID: 2070, 6828, 7200

CVE ID: CVE-2001-0040, CVE-2003-0098, CVE-2003-0099