Mandrake Linux Security Advisory : apcupsd (MDKSA-2000:077)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

A problem exists with the apcupsd daemon. During startup, apcupsd
creates a PID file in /var/run with the ID of the daemon process. This
file is used by the shutdown script to kill the daemon process. The
/var/run/apcupsd.pid file is created with mode 666 permissions,
meaning it is world-writeable. A malicious user can overwrite the file
with arbitrary process IDs and those proceses will be killed instead
of the apcupsd process during the restart or stop of the apcupsd
daemon.

Solution :

Update the affected apcupsd package.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 61863 ()

Bugtraq ID:

CVE ID: CVE-2001-0040

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now