Vulnerability Description
APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apc | Apcupsd | 3.7.2 |
References
- http://archives.neohapsis.com/archives/bugtraq/2000-12/0066.htmlExploitVendor Advisory
- http://www.linux-mandrake.com/en/security/MDKSA-2000-077.php3
- http://www.securityfocus.com/bid/2070PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5654
- http://archives.neohapsis.com/archives/bugtraq/2000-12/0066.htmlExploitVendor Advisory
- http://www.linux-mandrake.com/en/security/MDKSA-2000-077.php3
- http://www.securityfocus.com/bid/2070PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5654
FAQ
What is CVE-2001-0040?
CVE-2001-0040 is a vulnerability with a CVSS score of 2.1 (LOW). APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file.
How severe is CVE-2001-0040?
CVE-2001-0040 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0040?
Check the references section above for vendor advisories and patch information. Affected products include: Apc Apcupsd.