Lucene search

K

[email protected]NVD:CVE-2011-4578

HistoryAug 29, 2012 - 10:55 p.m.

CVE-2011-4578

2012-08-2922:55:01

CWE-264

[email protected]

web.nvd.nist.gov

2

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls.

Affected configurations

NVD

Node

tedfelixacpid2Range≤2.0.10

OR

tedfelixacpid2Match2.0.0

OR

tedfelixacpid2Match2.0.1

OR

tedfelixacpid2Match2.0.2

OR

tedfelixacpid2Match2.0.3

OR

tedfelixacpid2Match2.0.4

OR

tedfelixacpid2Match2.0.5

OR

tedfelixacpid2Match2.0.6

OR

tedfelixacpid2Match2.0.7

OR

tedfelixacpid2Match2.0.8

OR

tedfelixacpid2Match2.0.9

References

sourceforge.net/u/tedfelix/acpid2/ci/02d0bf29207f17996936ab652717855b15873901/tree/Changelog?force=True

www.mandriva.com/security/advisories?name=MDVSA-2012:138

www.openwall.com/lists/oss-security/2011/12/06/3

bugs.launchpad.net/ubuntu/+source/acpid/+bug/893821

bugzilla.redhat.com/show_bug.cgi?id=760984

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

Related for NVD:CVE-2011-4578

cve1 nessus7 debiancve1 cvelist1 ubuntucve1 prion1 ubuntu1 openvas6 securityvulns2 osv1 debian1