Vulnerabilities > CVE-2003-0098
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 7 | |
OS | 2 |
Nessus
NASL family Gain a shell remotely NASL id APCUPSD_OVERFLOWS.NASL description The remote host is running the apcupsd client which, according to its version number, is affected by multiple vulnerabilities : - The configuration file last seen 2020-06-01 modified 2020-06-02 plugin id 11484 published 2003-03-26 reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11484 title APC < 3.8.0 apcupsd Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(11484); script_bugtraq_id(2070, 6828, 7200); script_cve_id("CVE-2001-0040", "CVE-2003-0098", "CVE-2003-0099"); script_version ("1.20"); script_name(english:"APC < 3.8.0 apcupsd Multiple Vulnerabilities"); script_summary(english:"Checks the version of apcupsd"); script_set_attribute(attribute:"synopsis", value: "The remote host is running an application which is affected by multiple vulnerabilities." ); script_set_attribute(attribute:"description", value: "The remote host is running the apcupsd client which, according to its version number, is affected by multiple vulnerabilities : - The configuration file '/var/run/apcupsd.pid' is by default world-writable. A local attacker could re-write this file with other process IDs in order to crash the affected system. - An issue exists in the 'log_event' function which a local attacker could exploit in order to execute arbitrary code. - Several buffer overflow vulnerabilities have been reported which a remote attacker could exploit in order to execute arbitrary code on the remote host. *** Nessus solely relied on the version number of the *** remote server, so this might be a false positive" ); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2000/Dec/102" ); script_set_attribute(attribute:"see_also", value:"http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html" ); script_set_attribute(attribute:"solution", value: "Upgrading to acpupsd version 3.8.0 or newer reportedly fixes the issue." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "2003/03/26"); script_set_attribute(attribute:"vuln_publication_date", value: "2000/12/06"); script_cvs_date("Date: 2018/11/15 20:50:22"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc."); script_family(english:"Gain a shell remotely"); script_dependencie("find_service1.nasl", "apcnisd_detect.nasl"); script_require_ports("Services/apcnisd", 7000); exit(0); } port = get_kb_item("Services/apcnisd"); if (! port) port = 7000; if (! get_port_state(port)) exit(0); soc = open_sock_tcp(port); if(!soc)exit(0); req = raw_string(0x00, 0x06) + "status"; send(socket:soc, data:req); r = recv(socket:soc, length:4096); if("APC" >< r && "MODEL" >< r) { r = strstr(r, "RELEASE"); if(ereg(pattern:"RELEASE.*: (3\.([0-7]\..*|8\.[0-5][^0-9]|10\.[0-4])|[0-2]\..*)", string:r)) security_hole(port); }
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-018.NASL description A remote root vulnerability in slave setups and some buffer overflows in the network information server code were discovered by the apcupsd developers. They have been fixed in the latest unstable version, 3.10.5 which contains additional enhancements like USB support, and the latest stable version, 3.8.6. There are a few changes that need to be noted, such as the port has changed from port 7000 to post 3551 for NIS, and the new config only allows access from the localhost. Users may need to modify their configuration files appropriately, depending upon their configuration. last seen 2020-06-01 modified 2020-06-02 plugin id 14003 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14003 title Mandrake Linux Security Advisory : apcupsd (MDKSA-2003:018) NASL family SuSE Local Security Checks NASL id SUSE_SA_2003_022.NASL description The remote host is missing the patch for the advisory SUSE-SA:2003:022 (apcupsd). The controlling and management daemon apcupsd for APC last seen 2020-06-01 modified 2020-06-02 plugin id 13792 published 2004-07-25 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13792 title SUSE-SA:2003:022: apcupsd NASL family Debian Local Security Checks NASL id DEBIAN_DSA-277.NASL description The controlling and management daemon apcupsd for APC last seen 2020-06-01 modified 2020-06-02 plugin id 15114 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15114 title Debian DSA-277-1 : apcupsd - buffer overflows, format string
References
- http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.diff?r1=1.5&r2=1.6
- http://www.debian.org/security/2003/dsa-277
- http://hsj.shadowpenguin.org/misc/apcupsd_exp.txt
- http://sourceforge.net/project/shownotes.php?release_id=137900
- http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt
- http://www.securityfocus.com/bid/7200
- http://www.iss.net/security_center/static/11334.php
- http://securitytracker.com/id?1006108
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:018
- http://www.securityfocus.com/bid/6828