-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APC Security Advisory - Denial of Service Vulnerability with PowerChute Business Edition

Problem Summary

A non-privileged user could cause a denial of service attack on PowerChute Business Edition servers and agents, preventing authorized users from accessing them through the PowerChute Business Edition console (see "Affected Products" to find out if your version of software is affected).

Severity Level

Important

Affected Products

All versions of PowerChute Business Edition between 6.0 and 7.0.1 (inclusive) are affected. See "Recommendations and workarounds" for more details on rectifying the problem.

Mitigating Factors

This vulnerability affects the accessibility of PowerChute Business Edition servers and agents, but does not affect the software's primary function of gracefully shutting down in the event of a power-related event.

Recommendations and workarounds

Customers should upgrade to version 7.0.2 of PowerChute Business Edition or patch their existing version of software. Both the full release and patch can be downloaded directly from APC's website at http://www.apc.com/tools/download/index.cfm

Exploitation and Public Announcements

APC is not aware of any malicious use of the vulnerability described in this advisory. The discovery and documentation of this vulnerability was conducted by the Qualys Security Research Team. For more information about the Qualys Security Research Team, visit their website at http://www.qualys.com.

Status of this notice: ACTIVE

THIS IS AN ACTIVE ADVISORY. ALTHOUGH APC CANNOT GUARANTEE THE ACCURACY OF ALL STATEMENTS IN THIS NOTICE, ALL OF THE FACTS HAVE BEEN CHECKED TO THE BEST OF OUR ABILITY. APC DOES NOT ANTICIPATE ISSUING UPDATED VERSIONS OF THIS ADVISORY UNLESS THERE IS SOME MATERIAL CHANGE IN THE FACTS. SHOULD THERE BE A SIGNIFICANT CHANGE IN THE FACTS, APC MAY UPDATE THIS ADVISORY.

A STAND-ALONE COPY OR PARAPHRASE OF THE TEXT OF THIS SECURITY ADVISORY IS AN UNCONTROLLED COPY, AND MAY LACK IMPORTANT INFORMATION OR CONTAIN FACTUAL ERRORS. IN NO EVENT SHALL EITHER APC, ITS OFFICERS, DIRECTORS, AFFILIATES OR EMPLOYEES, BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND INCLUDING, BUT NOT LIMITED TO, LOSS OF PROFITS ARISING OUT OF THE USE OR IMPLEMENTATION OF THE INFORMATION CONTAINED HEREIN HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN AN ACTION FOR CONTRACT, STRICT LIABILITY OR TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, WHETHER OR NOT APC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY.

Distribution

This bulletin and any future updates will be posted to APC's web site.

Revisions

Revision 1.0 Initial Public Release

Copyright

This notice is Copyright © 2004 by American Power Conversion Corporation. This notice may be redistributed freely provided that redistributed copies are complete and unmodified, and include all date and version information.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQP6K4oSPqbaFzuaMEQIrpgCg3TPwAnBQhOoZiB7d/V3aCcIBblMAnjLB
SzS07UcrwdhsbYbGbuUBAweq
=6ABX
-----END PGP SIGNATURE-----