CVE-2003-0098 - Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to

CVE-2003-0098

Summary

Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.

References

Vulnerable Configurations

cpe:2.3:a:apcupsd:apcupsd:0.3.91_5:*:*:*:*:*:*:*
cpe:2.3:a:apcupsd:apcupsd:0.3.91_5:*:*:*:*:*:*:*
cpe:2.3:a:apcupsd:apcupsd:3.8.5:*:*:*:*:*:*:*
cpe:2.3:a:apcupsd:apcupsd:3.8.5:*:*:*:*:*:*:*
cpe:2.3:a:apcupsd:apcupsd:3.10.0:*:*:*:*:*:*:*
cpe:2.3:a:apcupsd:apcupsd:3.10.0:*:*:*:*:*:*:*
cpe:2.3:a:apcupsd:apcupsd:3.10.1:*:*:*:*:*:*:*
cpe:2.3:a:apcupsd:apcupsd:3.10.1:*:*:*:*:*:*:*
cpe:2.3:a:apcupsd:apcupsd:3.10.2:*:*:*:*:*:*:*
cpe:2.3:a:apcupsd:apcupsd:3.10.2:*:*:*:*:*:*:*
cpe:2.3:a:apcupsd:apcupsd:3.10.3:*:*:*:*:*:*:*
cpe:2.3:a:apcupsd:apcupsd:3.10.3:*:*:*:*:*:*:*
cpe:2.3:a:apcupsd:apcupsd:3.10.4:*:*:*:*:*:*:*
cpe:2.3:a:apcupsd:apcupsd:3.10.4:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 26-09-2018 - 15:59)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	6828 7200
caldera	CSSA-2003-015.0
confirm	http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.diff?r1=1.5&r2=1.6 http://sourceforge.net/project/shownotes.php?release_id=137900
debian	DSA-277
mandrake	MDKSA-2003:018
misc	http://hsj.shadowpenguin.org/misc/apcupsd_exp.txt
sectrack	1006108
suse	SuSE-SA:2003:022
xf	apcupsd-logevent-format-string(11334)

Last major update

26-09-2018 - 15:59

Published

03-03-2003 - 05:00

Last modified

26-09-2018 - 15:59