acpid -- several vulnerabilities

ID DSA-2362
Type debian
Reporter Debian
Modified 2011-12-10T00:00:00


Multiple vulnerabilities were found in the ACPI Daemon, the Advanced Configuration and Power Interface event daemon:

Vasiliy Kulikov of OpenWall discovered that the socket handling is vulnerable to denial of service.

Oliver-Tobias Ripka discovered that incorrect process handling in the Debian-specific script could lead to local privilege escalation. This issue doesn't affect oldstable. The script is only shipped as an example in /usr/share/doc/acpid/examples. See /usr/share/doc/acpid/README.Debian for details.

Helmut Grohne and Michael Biebl discovered that acpid sets a umask of 0 when executing scripts, which could result in local privilege escalation.

For the oldstable distribution (lenny), this problem has been fixed in version 1.0.8-1lenny4.

For the stable distribution (squeeze), this problem has been fixed in version 1:2.0.7-1squeeze3.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your acpid packages.