Executive Summary
| Summary | |
|---|---|
| Title | New acpid packages fix weak file permissions |
| Informations | |||
|---|---|---|---|
| Name | DSA-1960 | First vendor Publication | 2009-12-19 |
| Vendor | Debian | Last vendor Modification | 2009-12-19 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 6.9 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 3.4 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| It was discovered that acpid, the Advanced Configuration and Power Interface event daemon, on the oldstable distribution (etch) creates its log file with weak permissions, which might expose sensible information or might be abused by a local user to consume all free disk space on the same partition of the file. For the oldstable distribution (etch), this problem has been fixed in version 1.0.4-5etch2. The stable distribution (lenny) in version 1.0.8-1lenny2 and the unstable distribution (sid) in version 1.0.10-5, have been updated to fix the weak file permissions of the log file created by older versions. We recommend that you upgrade your acpid packages. |
Original Source
| Url : http://www.debian.org/security/2009/dsa-1960 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:13771 | |||
| Oval ID: | oval:org.mitre.oval:def:13771 | ||
| Title: | DSA-1960-1 acpid -- programming error | ||
| Description: | It was discovered that acpid, the Advanced Configuration and Power Interface event daemon, on the oldstable distribution creates its log file with weak permissions, which might expose sensible information or might be abused by a local user to consume all free disk space on the same partition of the file. For the oldstable distribution, this problem has been fixed in version 1.0.4-5etch2. The stable distribution in version 1.0.8-1lenny2 and the unstable distribution in version 1.0.10-5, have been updated to fix the weak file permissions of the log file created by older versions. We recommend that you upgrade your acpid packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1960-1 CVE-2009-4235 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | acpid |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7329 | |||
| Oval ID: | oval:org.mitre.oval:def:7329 | ||
| Title: | DSA-1960 acpid -- programming error | ||
| Description: | It was discovered that acpid, the Advanced Configuration and Power Interface event daemon, on the oldstable distribution creates its log file with weak permissions, which might expose sensitive information or might be abused by a local user to consume all free disk space on the same partition of the file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1960 CVE-2009-4235 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | acpid |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-12-30 | Name : Debian Security Advisory DSA 1960-1 (acpid) File : nvt/deb_1960_1.nasl |
| 2009-12-30 | Name : Mandriva Security Advisory MDVSA-2009:342 (acpid) File : nvt/mdksa_2009_342.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 60870 | acpid /var/log/acpid umask Permission Weakness |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1642.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1960.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1642.nasl - Type : ACT_GATHER_INFO |
| 2009-12-28 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2009-343.nasl - Type : ACT_GATHER_INFO |
| 2009-12-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1642.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:29:06 |
|
