acpid weak file permission
Published:		21.12.2009
Source:		BUGTRAQ
SecurityVulns ID:		10486
Type:		local
Level:		5/10
Description:		Log file is created world readable.

Affected:		ACPID : acpid 1.0
CVE:		CVE-2009-4235 (acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033.)

Original document

DEBIAN, [SECURITY] [DSA 1960-1] New acpid packages fix weak file permissions (21.12.2009)

Discuss:

Read or add your comments to this news (0 comments)