History: Dec 08, 2009 - 7:30 p.m.

CVE-2009-4033

2009-12-08 19:30:00
CWE-264
web.nvd.nist.gov
Tags: red hat, acpid, patch, vulnerability, local users, sensitive information, denial of service, privilege escalation

CVSS2: 6.9 Medium
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score: 6.9 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 5.1%)

A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by overwriting this file, or gain privileges by executing this file.
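
The defect class the description refers to, as an added example that is not acpid's or Red Hat's code: a log file opened with an explicit mode, plus an audit check for the permission bits behind the three impacts listed. Assumptions: "insufficient arguments" is read as `open` with `O_CREAT` and no mode argument, the 0640 policy is illustrative, and the names `open_log` and `log_mode_is_safe` are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, O_CLOEXEC, fchmod, lstat */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define LOG_MODE 0640   /* assumed policy: owner rw, group r, others nothing */

/* Defect class, shown only as a comment: with O_CREAT and no third argument,
 * the mode of the new file is whatever value sits in that argument slot.
 *     fd = open(path, O_WRONLY | O_CREAT | O_APPEND);                        */

/* Open or create the log with an explicit mode, then force that mode on the
 * descriptor so a file left behind by the defective call is repaired too.   */
int open_log(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW | O_CLOEXEC,
                  LOG_MODE);
    if (fd < 0)
        return -1;
    /* fchmod works on the descriptor (no path race) and ignores the umask. */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || fchmod(fd, LOG_MODE) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Audit check: 1 = regular file without other-read, group/other-write,
 * execute or setid bits; 0 = weak permissions; -1 = cannot stat. */
int log_mode_is_safe(const char *path)
{
    struct stat st;
    const mode_t risky = S_IROTH | S_IWGRP | S_IWOTH | S_IXUSR | S_IXGRP |
                         S_IXOTH | S_ISUID | S_ISGID;
    if (lstat(path, &st) < 0)
        return -1;
    return S_ISREG(st.st_mode) && (st.st_mode & risky) == 0;
}

int main(void)
{
    int fd = open_log("acpid-example.log");   /* constructed path */
    printf("fd=%d safe=%d\n", fd, log_mode_is_safe("acpid-example.log"));
    return fd < 0;
}
```

Building with `-D_FORTIFY_SOURCE=2 -O2` on glibc turns the commented-out call into a compile-time error when the flags are a constant containing `O_CREAT`.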

Affected configurations

NVD node: vendor tim_hockin, product acpid, match version 1.0.4
