APC apcupsd Local Denial of Service Vulnerability

A denial-of-service vulnerability exists in certain versions of APC's UPS daemon, apcupsd.

apcupsd is the Unix daemon driving various popular models of uninterruptible power supply manufactured by American Power Conversion.

It operates under most versions of Linux / Unix.

A key configuration file, /var/run/apcupsd.pid, instructs the daemon's scripts which system processes to shut down when the service is restarted or stopped.

By default, this file is configured world-writeable. A malicious local user could re-write this file with process IDs corresponding to arbitrary components of the affected system. As a result, these processes, and not apcupsd, could be mistakenly terminated, potentially crashing the system.


Privacy Statement
Copyright 2010, SecurityFocus