SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   Apcupsd Vendors:   Apcupsd Project
Apcupsd Format String Flaw May Let Remote Users Gain Root Access
SecurityTracker Alert ID:  1006108
SecurityTracker URL:  http://securitytracker.com/id/1006108
CVE Reference:   CVE-2003-0098, CVE-2003-0099   (Links to External Site)
Updated:  Jun 13 2008
Original Entry Date:  Feb 15 2003
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 3.8.5 and prior versions (stable); 3.10.4 and prior versions (development)
Description:   A format string vulnerability was reported in the Apcupsd power backup client software. A remote user could gain root access on the system.

It is reported that Highspeed Junkie (http://hsj.shadowpenguin.org/) discovered that the client side of apcupsd has an exploitable format string bug. A remote user could supply a specially crafted packet to a slave-server to cause arbitrary code to be executed on the system. Because apcupsd runs with root privileges, the remote user could gain root access on the system.

Impact:   A remote user could execute arbitrary code on the target system with root privileges.
Solution:   The vendor has released a fixed stable version (3.8.6), available at:

http://sourceforge.net/project/showfiles.php?group_id=54413
http://prdownloads.sourceforge.net/apcupsd/apcupsd-3.8.6.tar.gz?download

A fixed development version (3.10.5) is also available:

http://sourceforge.net/project/showfiles.php?group_id=54413

Vendor URL:  www.apcupsd.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Mandrake Issues Fix) Apcupsd Format String Flaw May Let Remote Users Gain Root Access   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.
(Caldera Issues Fix) Apcupsd Format String Flaw May Let Remote Users Gain Root Access   (security@sco.com)
SCO has released a fix for OpenLinux.
(SuSE Issues Fix) Apcupsd Format String Flaw May Let Remote Users Gain Root Access   (Thomas Biege <thomas@suse.de>)
SuSE has released a fix.
(Debian Issues Fix) Apcupsd Format String Flaw May Let Remote Users Gain Root Access   (joey@infodrom.org (Martin Schulze))
Debian has released a fix.



 Source Message Contents

Date:  Fri, 14 Feb 2003 23:39:22 -0500
Subject:  apcupsd bug


 - apcupsd 3.8.6
  by Kern Sibbald (http://freshmeat.net/users/kern/)
  Friday, February 7th 2003 12:14

Utilities

About: apcupsd provides UPS power management under Linux and BSD systems
for APC Products, including most BackUPS series models (including USB),
SmartUPS V/S, SmartUPS(NET/RM), and Matrix series.

Changes: This version closes a root exploit in slave machines running
master/server networking.

License: GNU General Public License (GPL)

URL: http://freshmeat.net/projects/apcupsd/

----

http://www2.apcupsd.com/

http://prdownloads.sourceforge.net/apcupsd/apcupsd-3.8.6.tar.gz?download

http://sourceforge.net/tracker/index.php?func=detail&aid=659760&group_id=54413&atid=473650

http://bugs.debian.org/174615

Highspeed Junkie (http://hsj.shadowpenguin.org/) reported that the client side of apcupsd has an
exploitable format string bug.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC