Mandrake Linux Security Advisory : apcupsd (MDKSA-2000:077)

low Nessus Plugin ID 61863

Synopsis

The remote Mandrake Linux host is missing a security update.

Description

A problem exists with the apcupsd daemon. During startup, apcupsd creates a PID file in /var/run with the ID of the daemon process. This file is used by the shutdown script to kill the daemon process. The /var/run/apcupsd.pid file is created with mode 666 permissions, meaning it is world-writeable. A malicious user can overwrite the file with arbitrary process IDs and those proceses will be killed instead of the apcupsd process during the restart or stop of the apcupsd daemon.

Solution

Update the affected apcupsd package.

Plugin Details

Severity: Low

ID: 61863

File Name: mandrake_MDKSA-2000-077.nasl

Version: 1.6

Type: local

Published: 9/6/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:apcupsd, cpe:/o:mandrakesoft:mandrake_linux:7.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 12/12/2000

Reference Information

CVE: CVE-2001-0040

MDKSA: 2000:077