Lucene search

[email protected]CVE-2009-4235

HistoryDec 08, 2009 - 7:30 p.m.

CVE-2009-4235

2009-12-0819:30:00

CWE-264

[email protected]

web.nvd.nist.gov

acpid

umask

vulnerability

local users

sensitive information

denial of service

nvd

6.6 Medium

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033.

CPENameOperatorVersion
tim_hockin:acpidtim hockin acpideq1.0.4

CPE	Name	Operator	Version
tim_hockin:acpid	tim hockin acpid	eq	1.0.4

References

securitytracker.com/id?1023284

www.debian.org/security/2009/dsa-1960

www.mandriva.com/security/advisories?name=MDVSA-2009:342

www.mandriva.com/security/advisories?name=MDVSA-2009:343

www.redhat.com/support/errata/RHSA-2009-1642.html

bugzilla.redhat.com/show_bug.cgi?id=515062

bugzilla.redhat.com/show_bug.cgi?id=542926

exchange.xforce.ibmcloud.com/vulnerabilities/54676

6.6 Medium

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2009-4235

openvas11 prion2 debiancve2 nessus7 ubuntucve2 securityvulns2 debian1 osv1 seebug1 veracode1 redhat2 centos1 cve1 oraclelinux1