Computer Security
[EN] securityvulns.ru no-pyccku


ACPI scripts privilege escalation
Published:12.12.2011
Source:
SecurityVulns ID:12085
Type:local
Threat Level:
5/10
Description:invalid power button events processing, invalid umsk handling.
CVE:CVE-2011-4578 (event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls.)
 CVE-2011-2777 (samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands.)
Original documentdocumentUBUNTU, [USN-1296-1] acpid vulnerabilities (12.12.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod