SecurityTracker.com
Category:   Application (Generic)  >   Apcupsd
Vendors:   Apcupsd Project
(Caldera Issues Fix) Apcupsd Format String Flaw May Let Remote Users Gain Root Access
SecurityTracker Alert ID:  1006383
SecurityTracker URL:  http://securitytracker.com/id/1006383
CVE Reference:   CVE-2003-0098, CVE-2003-0099
Updated:  Dec 10 2003
Original Entry Date:  Mar 26 2003
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 3.8.5 and prior versions (stable); 3.10.4 and prior versions (development)
Description:   A format string vulnerability was reported in the Apcupsd power backup client software. A remote user could gain root access on the system.

It is reported that Highspeed Junkie (http://hsj.shadowpenguin.org/) discovered that the client side of apcupsd has an exploitable format string bug. A remote user could supply a specially crafted packet to a slave-server to cause arbitrary code to be executed on the system. Because apcupsd runs with root privileges, the remote user could gain root access on the system.
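
The bug class described above, together with the vsprintf buffer overflows named in the SCO advisory reproduced further down, shown as an unsafe logging shape beside its corrected form. This is an added example, not apcupsd's code: the function names, the message prefix and the 64-byte LOG_BUF size are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF 64 /* assumed size of a fixed message buffer */

/* BEFORE (shown for contrast, never called here): vsprintf() puts no bound
 * on the write, and a caller that passes peer text as `fmt` lets the peer
 * choose the conversion directives. */
void log_unsafe(char *dst, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsprintf(dst, fmt, ap);
    va_end(ap);
}

/* AFTER: vsnprintf() bounds the write to `cap` bytes including the NUL.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
static int format_bounded(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, cap, fmt, ap);
    va_end(ap);
    if (n < 0) return -1;
    return (size_t)n >= cap;
}

/* Peer-supplied text is only ever an argument to a constant "%s". */
int log_peer_message(char *out, size_t cap, const char *peer_text)
{
    return format_bounded(out, cap, "peer said: %s", peer_text);
}

/* Audit helper: count conversion directives in untrusted text ("%%" is a
 * literal percent sign) so a receiver can flag such input before logging. */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0')
            n++;
    }
    return n;
}
```

With the corrected form, directives in the peer's text are copied into the log as literal characters and an over-long message is truncated at the buffer size instead of written past it.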

Impact:   A remote user could execute arbitrary code on the target system with root privileges.
Solution:   SCO/Caldera has released a fix for OpenLinux.

OpenLinux 3.1.1 Server:

Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-015.0/RPMS

Packages

a2c0d41800f62383c65f77858f0c3898 apcupsd-3.8.6-1.i386.rpm
13800369e6a5712eb02f00514e05eaf0 apcupsd-cgi-3.8.6-1.i386.rpm
c6744b9f001474a9bb1dd9f59d3edbcd apcupsd-powerflute-3.8.6-1.i386.rpm

Installation

rpm -Fvh apcupsd-3.8.6-1.i386.rpm
rpm -Fvh apcupsd-cgi-3.8.6-1.i386.rpm
rpm -Fvh apcupsd-powerflute-3.8.6-1.i386.rpm

Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-015.0/SRPMS

Source Packages

2efb5f90e0c02ffc08340308d29bc1bf apcupsd-3.8.6-1.src.rpm


OpenLinux 3.1 Server:

Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-015.0/RPMS

Packages

2c04bd609f4b1949c56556719928ff50 apcupsd-3.8.6-1.i386.rpm
048ad400cb7c9a80ba16798ecde20c4a apcupsd-cgi-3.8.6-1.i386.rpm
d8de392566a69a95f5e230af51918839 apcupsd-powerflute-3.8.6-1.i386.rpm

Installation

rpm -Fvh apcupsd-3.8.6-1.i386.rpm
rpm -Fvh apcupsd-cgi-3.8.6-1.i386.rpm
rpm -Fvh apcupsd-powerflute-3.8.6-1.i386.rpm

Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-015.0/SRPMS

Source Packages

1d6fcff1a24702cc60ec0779a6512e0a apcupsd-3.8.6-1.src.rpm

Vendor URL:  www.apcupsd.com/
Cause:   Input validation error
Underlying OS:  Linux (Caldera/SCO)
Underlying OS Comments:  OpenLinux Server 3.1, 3.1.1

Message History:   This archive entry is a follow-up to the message listed below.
Feb 15 2003 Apcupsd Format String Flaw May Let Remote Users Gain Root Access



 Source Message Contents

Subject:  Security Update: [CSSA-2003-015.0] Linux: apcupsd remote root vulnerability and buffer overflows



To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com


______________________________________________________________________________

			SCO Security Advisory

Subject:		Linux: apcupsd remote root vulnerability and buffer overflows
Advisory number: 	CSSA-2003-015.0
Issue date: 		2003 March 25
Cross reference:
______________________________________________________________________________


1. Problem Description

	From the CVE candidate descriptions:

	A vulnerability in apcupsd allows remote attackers to gain
	root privileges, possibly via format strings in a request to a
	slave server.

	Multiple buffer overflows in apcupsd may allow attackers to
	cause a denial of service or execute arbitrary code, related
	to usage of the vsprintf function.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to apcupsd-3.8.6-1.i386.rpm
					prior to apcupsd-cgi-3.8.6-1.i386.rpm
					prior to apcupsd-powerflute-3.8.6-1.i386.rpm

	OpenLinux 3.1 Server		prior to apcupsd-3.8.6-1.i386.rpm
					prior to apcupsd-cgi-3.8.6-1.i386.rpm
					prior to apcupsd-powerflute-3.8.6-1.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-015.0/RPMS

	4.2 Packages

	a2c0d41800f62383c65f77858f0c3898	apcupsd-3.8.6-1.i386.rpm
	13800369e6a5712eb02f00514e05eaf0	apcupsd-cgi-3.8.6-1.i386.rpm
	c6744b9f001474a9bb1dd9f59d3edbcd	apcupsd-powerflute-3.8.6-1.i386.rpm

	4.3 Installation

	rpm -Fvh apcupsd-3.8.6-1.i386.rpm
	rpm -Fvh apcupsd-cgi-3.8.6-1.i386.rpm
	rpm -Fvh apcupsd-powerflute-3.8.6-1.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-015.0/SRPMS

	4.5 Source Packages

	2efb5f90e0c02ffc08340308d29bc1bf	apcupsd-3.8.6-1.src.rpm


5. OpenLinux 3.1 Server

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-015.0/RPMS

	5.2 Packages

	2c04bd609f4b1949c56556719928ff50	apcupsd-3.8.6-1.i386.rpm
	048ad400cb7c9a80ba16798ecde20c4a	apcupsd-cgi-3.8.6-1.i386.rpm
	d8de392566a69a95f5e230af51918839	apcupsd-powerflute-3.8.6-1.i386.rpm

	5.3 Installation

	rpm -Fvh apcupsd-3.8.6-1.i386.rpm
	rpm -Fvh apcupsd-cgi-3.8.6-1.i386.rpm
	rpm -Fvh apcupsd-powerflute-3.8.6-1.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-015.0/SRPMS

	5.5 Source Packages

	1d6fcff1a24702cc60ec0779a6512e0a	apcupsd-3.8.6-1.src.rpm


6. References

	Specific references for this advisory:

		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0098
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0099

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr876044, fz527560,
	erg712268.


7. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


8. Acknowledgements

	Highspeed Junkie (http://hsj.shadowpenguin.org/) discovered
	and researched the slave server vulnerability.

______________________________________________________________________________


 
 



Copyright 2020, SecurityGlobal.net LLC