Metric | Value |
---|---|
CVSS2 score | 6.9 Medium |
Access Vector | LOCAL |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 vector | AV:L/AC:M/Au:N/C:C/I:C/A:C |
EPSS | 0.0004 Low |
EPSS percentile | 5.2% |

acpid is a daemon that dispatches ACPI (Advanced Configuration and Power
Interface) events to user-space programs.

It was discovered that acpid could create its log file ("/var/log/acpid")
with random permissions on some systems. A local attacker could use this
flaw to escalate their privileges if the log file was created as
world-writable and with the setuid or setgid bit set. (CVE-2009-4033)

Please note that this flaw was due to a Red Hat-specific patch
(acpid-1.0.4-fd.patch) included in the Red Hat Enterprise Linux 5 acpid
package.

Users are advised to upgrade to this updated package, which contains a
backported patch to correct this issue.

OS | OS Version | Architecture | Package | Affected Package Version | Fixed Package Filename |
---|---|---|---|---|---|
RedHat | 5 | i386 | acpid | < 1.0.4-9.el5_4.1 | acpid-1.0.4-9.el5_4.1.i386.rpm |
RedHat | 5 | ia64 | acpid | < 1.0.4-9.el5_4.1 | acpid-1.0.4-9.el5_4.1.ia64.rpm |
RedHat | 5 | src | acpid | < 1.0.4-9.el5_4.1 | acpid-1.0.4-9.el5_4.1.src.rpm |
RedHat | 5 | x86_64 | acpid | < 1.0.4-9.el5_4.1 | acpid-1.0.4-9.el5_4.1.x86_64.rpm |