This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Tedfelix | First view | 2012-08-29 |
| Product | acpid2 | Last view | 2012-08-29 |
| Version | 2.0.1 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:tedfelix:acpid2 | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.6 | 2012-08-29 | CVE-2011-4578 | event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls. |
| 4.4 | 2012-08-29 | CVE-2011-2777 | samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 77592 | acpid /etc/acpi/powerbtn.sh Process ID Identification DBUS_SESSION_BUS_ADDRES... |
| 77557 | acpid Event Scripts Insecure umask Local Information Disclosure |
ExploitDB Exploits
| id | Description |
|---|---|
| 18228 | Acpid 1:2.0.10-1ubuntu2 Privilege Boundary Crossing Vulnerability |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-08-21 | Name : Mandriva Update for acpid MDVSA-2012:137 (acpid) File : nvt/gb_mandriva_MDVSA_2012_137.nasl |
| 2012-02-11 | Name : Debian Security Advisory DSA 2362-1 (acpid) File : nvt/deb_2362_1.nasl |
| 2011-12-09 | Name : Ubuntu Update for acpid USN-1296-1 File : nvt/gb_ubuntu_USN_1296_1.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2012-55.nasl - Type: ACT_GATHER_INFO |
| 2013-10-29 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201310-20.nasl - Type: ACT_GATHER_INFO |
| 2012-09-06 | Name: The remote Mandriva Linux host is missing a security update. File: mandriva_MDVSA-2012-137.nasl - Type: ACT_GATHER_INFO |
| 2012-01-12 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2362.nasl - Type: ACT_GATHER_INFO |
| 2011-12-09 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-1296-1.nasl - Type: ACT_GATHER_INFO |
