Debian DSA-277-1 : apcupsd - buffer overflows, format string

critical Nessus Plugin ID 15114

Synopsis

The remote Debian host is missing a security-related update.

Description

The controlling and management daemon apcupsd for APC's Unbreakable Power Supplies is vulnerable to several buffer overflows and format string attacks. These bugs can be exploited remotely by an attacker to gain root access to the machine apcupsd is running on.

Solution

Upgrade the apcupsd packages immediately.

For the stable distribution (woody) this problem has been fixed in version 3.8.5-1.1.1.

For the old stable distribution (potato) this problem does not seem to exist.

See Also

http://www.debian.org/security/2003/dsa-277

Plugin Details

Severity: Critical

ID: 15114

File Name: debian_DSA-277.nasl

Version: 1.23

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:3.0, p-cpe:/a:debian:debian_linux:apcupsd

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 4/3/2003

Vulnerability Publication Date: 2/15/2003

Reference Information

CVE: CVE-2003-0098, CVE-2003-0099

BID: 7200

DSA: 277