| VID | 23039 |
| Severity | 40 |
| Port | 7000 |
| Protocol | TCP |
| Class | APCUPSD |
| Detailed Description |
The Apcupsd daemon, according to its version number, may be vulnerable to multiple flaws. Apcupsd is a Unix daemon that controls American Power Conversion (APC) uninterruptible power supplies (UPS). Apcupsd versions prior to 3.8.6 (stable) and versions prior to 3.10.5 (development) are vulnerable to multiple buffer overflows which may allow remote attackers to cause a denial of service or execute arbitrary code on the system.
* Note: This check relies solely on the version number of the remote Apcupsd daemon to assess this vulnerability, so the finding may be a false positive.
* References:
  * http://hsj.shadowpenguin.org/misc/apcupsd_exp.txt
  * http://securitytracker.com/alerts/2003/Feb/1006108.html
  * http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.diff?r1=1.5&r2=1.6
  * http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:018
  * http://sourceforge.net/project/shownotes.php?release_id=137900
* Platforms Affected:
  * Apcupsd 3.10.4 and earlier
  * Apcupsd 3.8.5 and earlier
  * Linux: Any version
  * Unix: Any version |
| Recommendation |
Upgrade to the latest stable version of Apcupsd (3.8.6 or later) or the latest development version of Apcupsd (3.10.5 or later), available from the Apcupsd Web page, http://sourceforge.net/project/shownotes.php?release_id=137900
For Mandrake Linux: Upgrade to the latest apcupsd package, as listed in MandrakeSoft Security Advisory MDKSA-2003:018:apcupsd, http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:018
For Debian GNU/Linux 3.0 (woody): Upgrade to the latest version of apcupsd (3.8.5-1.1.1 or later), as listed in Debian Security Advisory DSA-277-1, http://www.debian.org/security/2003/dsa-277
For SuSE Linux: Upgrade to the latest apcupsd package, as listed in SuSE Security Announcement SuSE-SA:2003:022, http://www.suse.de/de/security/2003_022_apcupsd.html
For other distributions: Contact your vendor for upgrade or patch information. |
| Related URL | CVE-2001-0040, CVE-2003-0098, CVE-2003-0099 (CVE) |
| Related URL | 2070, 6828, 7200 (SecurityFocus) |
| Related URL | 5654, 11334, 11491 (ISS) |
|