APC < 3.8.0 apcupsd Multiple Vulnerabilities

critical Nessus Plugin ID 11484

Synopsis

The remote host is running an application that is affected by multiple vulnerabilities.

Description

The remote host is running the apcupsd client which, according to its version number, is affected by multiple vulnerabilities:

- The configuration file '/var/run/apcupsd.pid' is world-writable by default. A local attacker could rewrite this file with other process IDs in order to crash the affected system.

- An issue exists in the 'log_event' function which a local attacker could exploit in order to execute arbitrary code.

- Several buffer overflow vulnerabilities have been reported which a remote attacker could exploit in order to execute arbitrary code on the remote host.

*** Nessus solely relied on the version number of the
*** remote server, so this might be a false positive

Solution

Upgrading to apcupsd version 3.8.0 or newer reportedly fixes the issue.

See Also

https://seclists.org/bugtraq/2000/Dec/102

http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html

Plugin Details

Severity: Critical

ID: 11484

File Name: apcupsd_overflows.nasl

Version: 1.20

Type: remote

Published: 3/26/2003

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 12/6/2000

Reference Information

CVE: CVE-2001-0040, CVE-2003-0098, CVE-2003-0099

BID: 2070, 6828, 7200