CVE-2003-0098 — HIGH (10.0)

Q: What is CVE-2003-0098?

CVE-2003-0098 is a vulnerability with a CVSS score of 10.0 (HIGH). Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.

Q: How severe is CVE-2003-0098?

CVE-2003-0098 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2003-0098?

Check the references section above for vendor advisories and patch information. Affected products include: Apcupsd Apcupsd, Debian Debian Linux.

Vulnerability Description

Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Apcupsd	Apcupsd	< 3.8.6
Debian	Debian Linux	2.2

References

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txtBroken Link
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.difBroken LinkVendor Advisory
http://hsj.shadowpenguin.org/misc/apcupsd_exp.txtBroken Link
http://securitytracker.com/id?1006108Third Party AdvisoryVDB Entry
http://sourceforge.net/project/shownotes.php?release_id=137900Broken Link
http://www.debian.org/security/2003/dsa-277PatchVendor Advisory
http://www.iss.net/security_center/static/11334.phpBroken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2003:018Third Party Advisory
http://www.novell.com/linux/security/advisories/2003_022_apcupsd.htmlBroken Link
http://www.securityfocus.com/bid/6828Third Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/7200Third Party AdvisoryVDB Entry
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txtBroken Link
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.difBroken LinkVendor Advisory
http://hsj.shadowpenguin.org/misc/apcupsd_exp.txtBroken Link
http://securitytracker.com/id?1006108Third Party AdvisoryVDB Entry

FAQ

What is CVE-2003-0098?

CVE-2003-0098 is a vulnerability with a CVSS score of 10.0 (HIGH). Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.

How severe is CVE-2003-0098?

CVE-2003-0098 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2003-0098?

Check the references section above for vendor advisories and patch information. Affected products include: Apcupsd Apcupsd, Debian Debian Linux.