Lucene search
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20091207_ACPID_ON_SL5_X.NASLHistoryAug 01, 2012 - 12:00 a.m.
Scientific Linux Security Update : acpid on SL5.x i386/x86_64
2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%
CVE-2009-4033 acpid: log file created with random permissions
It was discovered that acpid could create its log file (β/var/log/acpidβ) with random permissions on some systems. A local attacker could use this flaw to escalate their privileges if the log file was created as world-writable and with the setuid or setgid bit set. (CVE-2009-4033)
Please note that this flaw was due to a specific patch (acpid-1.0.4-fd.patch) included in the Scientific Linux 5 acpid package.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(60700);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2009-4033");
script_xref(name:"IAVA", value:"2009-A-0135");
script_name(english:"Scientific Linux Security Update : acpid on SL5.x i386/x86_64");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Scientific Linux host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"CVE-2009-4033 acpid: log file created with random permissions
It was discovered that acpid could create its log file
('/var/log/acpid') with random permissions on some systems. A local
attacker could use this flaw to escalate their privileges if the log
file was created as world-writable and with the setuid or setgid bit
set. (CVE-2009-4033)
Please note that this flaw was due to a specific patch
(acpid-1.0.4-fd.patch) included in the Scientific Linux 5 acpid
package."
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind0912&L=scientific-linux-errata&T=0&P=572
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?1b9ec04e"
);
script_set_attribute(attribute:"solution", value:"Update the affected acpid package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_cwe_id(264);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"patch_publication_date", value:"2009/12/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL5", reference:"acpid-1.0.4-9.el5_4.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fermilab | scientific_linux | x-cpe:/o:fermilab:scientific_linux |
Related
seebug
seebug
Red Hat acpid '/var/log/acpid'ζ₯εΏζδ»Άζιζ¬ε°ηΉζζεζΌζ΄
2009-12-15 00:00:00
openvas
openvas
RedHat Security Advisory RHSA-2009:1642
2009-12-10 00:00:00
CentOS Security Advisory CESA-2009:1642 (acpid)
2009-12-30 00:00:00
CentOS Update for acpid CESA-2009:1642 centos5 i386
2011-08-09 00:00:00
debiancve
debiancve
CVE-2009-4033
2009-12-08 19:30:00
CVE-2009-4235
2009-12-08 19:30:00
cve
cve
CVE-2009-4033
2009-12-08 19:30:00
CVE-2009-4235
2009-12-08 19:30:00
centos
centos
acpid security update
2009-12-18 01:36:56
redhat
redhat
(RHSA-2009:1642) Important: acpid security update
2009-12-07 00:00:00
(RHSA-2009:1692) Important: rhev-hypervisor security and bug fix update
2009-12-23 00:00:00
cvelist
cvelist
CVE-2009-4033
2009-12-08 19:00:00
CVE-2009-4235
2009-12-08 19:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:40:27
prion
prion
Open redirect
2009-12-08 19:30:00
Design/Logic Flaw
2009-12-08 19:30:00
nvd
nvd
CVE-2009-4033
2009-12-08 19:30:00
CVE-2009-4235
2009-12-08 19:30:00
oraclelinux
oraclelinux
acpid security update
2009-12-07 00:00:00
ubuntucve
ubuntucve
CVE-2009-4033
2009-12-08 00:00:00
CVE-2009-4235
2009-12-08 00:00:00
nessus
nessus
OracleVM 2.2 : acpid (OVMSA-2009-0037)
2014-11-26 00:00:00
CentOS 5 : acpid (CESA-2009:1642)
2010-01-06 00:00:00
RHEL 5 : acpid (RHSA-2009:1642)
2009-12-08 00:00:00
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%
Related for SL_20091207_ACPID_ON_SL5_X.NASL