CVE-2001-0040

APC UPS daemon - Local Privilege Escalation

Title source: llm

Description

APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by the itch · cdoslinux

https://www.exploit-db.com/exploits/251

View Code ZIP pw:eip

References (4)

[Patch, Vendor Advisory] http://www.securityfocus.com/bid/2070

[Various Sources] http://www.linux-mandrake.com/en/security/MDKSA-2000-077.php3

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/5654

[Exploit, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-12/0066.html

Scores

EPSS 0.0038

EPSS Percentile 59.4%

Details

Status published

Products (1)

apc/apcupsd 3.7.2

Published Feb 16, 2001

Tracked Since Feb 18, 2026