Vulnerability CVE-2003-0098


Published: 2003-03-03   Modified: 2012-02-12

Description:
Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.

Type:

CWE-Other

Vendor: APC
Product: Apcupsd 
Version: 3.8.5; 3.10.4;
Vendor: Debian
Product: Debian linux 
Version: 3.0; 2.2;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.diff?r1=1.5&r2=1.6
http://hsj.shadowpenguin.org/misc/apcupsd_exp.txt
http://securitytracker.com/id?1006108
http://sourceforge.net/project/shownotes.php?release_id=137900
http://www.debian.org/security/2003/dsa-277
http://www.iss.net/security_center/static/11334.php
http://www.mandriva.com/security/advisories?name=MDKSA-2003:018
http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html
http://www.securityfocus.com/bid/6828
http://www.securityfocus.com/bid/7200

Related CVE
CVE-2019-17358
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti ...
CVE-2013-4245
Orca has arbitrary code execution due to insecure Python module load
CVE-2019-19604
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a ma...
CVE-2019-19630
HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document.
CVE-2012-1114
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.
CVE-2012-1115
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.
CVE-2013-0326
OpenStack nova base images permissions are world readable
CVE-2013-2745
An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0

Copyright 2019, cxsecurity.com

 

Back to Top