10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
The controlling and management daemon apcupsd for APC’s Unbreakable
Power Supplies is vulnerable to several buffer overflows and format
string attacks. These bugs can be exploited remotely by an attacker to gain root
access to the machine apcupsd is running on.
For the stable distribution (woody) this problem has been fixed in
version 3.8.5-1.1.1.
For the old stable distribution (potato) this problem does not seem to
exist.
For the unstable distribution (sid) this problem has been
fixed in version 3.8.5-1.2.
We recommend that you upgrade your apcupsd packages immediately.