APC < 3.8.0 apcupsd Multiple Vulnerabilities

This script is Copyright (C) 2003-2015 Tenable Network Security, Inc.

Synopsis :

The remote host is running an application which is affected by
multiple vulnerabilities.

Description :

The remote host is running the apcupsd client which, according to its
version number, is affected by multiple vulnerabilities :

- The configuration file '/var/run/apcupsd.pid' is by
default world-writable. A local attacker could re-write
this file with other process IDs in order to crash the
affected system.

- An issue exists in the 'log_event' function which a
local attacker could exploit in order to execute
arbitrary code.

- Several buffer overflow vulnerabilities have been
reported which a remote attacker could exploit in order
to execute arbitrary code on the remote host.

*** Nessus solely relied on the version number of the
*** remote server, so this might be a false positive

See also :


Solution :

Upgrading to acpupsd version 3.8.0 or newer reportedly fixes the issue.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3

Family: Gain a shell remotely

Nessus Plugin ID: 11484 (apcupsd_overflows.nasl)

Bugtraq ID: 2070

CVE ID: CVE-2001-0040