Mandriva Linux Security Advisory 2009-343 - acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides a solution to this vulnerability.
b1215e6ab52d75da4694d69dadceae2b64e8d4b651241fbee6e83553f80b1522Mandriva Linux Security Advisory 2009-342 - A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by overwriting this file, or gain privileges by executing this file. acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033. This update provides a solution to these vulnerabilities.
76a6ed6900feef5a8282ae8df01876ad21e3d86a9ebc0b72841ab57027dbebd7Debian Linux Security Advisory 1960-1 - It was discovered that acpid, the Advanced Configuration and Power Interface event daemon, on the oldstable distribution (etch) creates its log file with weak permissions, which might expose sensible information or might be abused by a local user to consume all free disk space on the same partition of the file.
b36c83cc4622b6c42cb7aae2e6218e1d4abe11792e90f00c5524d35ac47bdb56
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed