CVE-2003-0099 - OpenCVE

Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Apc	Apcupsd

Configuration 1 [-]

cpe:2.3:a:apc:apcupsd:3.8.5:*:*:*:*:*:*:*

References

Link	Resource
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt
http://securitytracker.com/id?1006108
http://sourceforge.net/project/shownotes.php?release_id=137892
http://sourceforge.net/project/shownotes.php?release_id=137900	Vendor Advisory
http://www.debian.org/security/2003/dsa-277	Patch Vendor Advisory
http://www.iss.net/security_center/static/11491.php	Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2003:018
http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html
http://www.securityfocus.com/bid/7200

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2003-02-26T05:00:00

Updated: 2016-11-17T15:57:01

Reserved: 2003-02-21T00:00:00

Link: CVE-2003-0099

JSON object: View

NVD Information

Status : Analyzed

Published: 2003-03-03T05:00:00.000

Modified: 2008-09-10T19:17:55.960

Link: CVE-2003-0099

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-02-18T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-17T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=137900"}, {"name": "1006108", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1006108"}, {"name": "MDKSA-2003:018", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:018"}, {"name": "apcupsd-vsprintf-multiple-bo(11491)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/11491.php"}, {"name": "7200", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/7200"}, {"name": "SuSE-SA:2003:022", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=137892"}, {"name": "DSA-277", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2003/dsa-277"}, {"name": "CSSA-2003-015.0", "tags": ["vendor-advisory", "x_refsource_CALDERA"], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0099", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://sourceforge.net/project/shownotes.php?release_id=137900", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=137900"}, {"name": "1006108", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1006108"}, {"name": "MDKSA-2003:018", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:018"}, {"name": "apcupsd-vsprintf-multiple-bo(11491)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/11491.php"}, {"name": "7200", "refsource": "BID", "url": "http://www.securityfocus.com/bid/7200"}, {"name": "SuSE-SA:2003:022", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=137892", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=137892"}, {"name": "DSA-277", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2003/dsa-277"}, {"name": "CSSA-2003-015.0", "refsource": "CALDERA", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0099", "datePublished": "2003-02-26T05:00:00", "dateReserved": "2003-02-21T00:00:00", "dateUpdated": "2016-11-17T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apc:apcupsd:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "8984E0FE-79B6-42E4-91E9-ABAE732D1C99", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en apcupsd anteriores a 3.10.5 pueden permitir a atacantes causar una denegaci\u00f3n de servicio o ejecutar c\u00f3digo arbitrario, relacionado con el uso de la funci\u00f3n vsprintf."}], "id": "CVE-2003-0099", "lastModified": "2008-09-10T19:17:55.960", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-03-03T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1006108"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=137892"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://sourceforge.net/project/shownotes.php?release_id=137900"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2003/dsa-277"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.iss.net/security_center/static/11491.php"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:018"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/7200"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}