what you don't know can hurt you

Debian Security Advisory 2362-1

Debian Security Advisory 2362-1
Posted Dec 10, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2362-1 - Multiple vulnerabilities were found in the acpid, the Advanced Configuration and Power Interface event daemon.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-1159, CVE-2011-2777, CVE-2011-4578
MD5 | 44896c5053b2e34b85763dac848c4443

Debian Security Advisory 2362-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2362-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 10, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : acpid
Vulnerability : several
Problem type : remote
Debian-specific: partly
CVE ID : CVE-2011-1159 CVE-2011-2777 CVE-2011-4578

Multiple vulnerabilities were found in the acpid, the Advanced
Configuration and Power Interface event daemon:

CVE-2011-1159

Vasiliy Kulikov of OpenWall discovered that the socket handling
is vulnerable to denial of service.

CVE-2011-2777

Oliver-Tobias Ripka discovered that incorrect process handling in
the Debian-specific powerbtn.sh script could lead to local
privilege escalation. This issue doesn't affect oldstable. The
script is only shipped as an example in /usr/share/doc/acpid/examples.
See /usr/share/doc/acpid/README.Debian for details.

CVE-2011-4578

Helmut Grohne and Michael Biebl discovered that acpid sets a umask
of 0 when executing scripts, which could result in local privilege
escalation.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.0.8-1lenny4.

For the stable distribution (squeeze), this problem has been fixed in
version 1:2.0.7-1squeeze3.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your acpid packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk7jMMMACgkQXm3vHE4uylpE1wCgzAGz7OTYHqPhuf1GVeQLizhh
s3EAoJ5PA+xv94YnKeic+HkFVEGmqKjS
=t4wv
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

March 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    19 Files
  • 2
    Mar 2nd
    15 Files
  • 3
    Mar 3rd
    30 Files
  • 4
    Mar 4th
    13 Files
  • 5
    Mar 5th
    10 Files
  • 6
    Mar 6th
    1 Files
  • 7
    Mar 7th
    2 Files
  • 8
    Mar 8th
    19 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close