Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:15069
HistoryDec 15, 2009 - 12:00 a.m.

Red Hat acpid '/var/log/acpid'日志文件权限本地特权提升漏洞

2009-12-1500:00:00
Root
www.seebug.org
7

0.0004 Low

EPSS

Percentile

5.7%

JSON

Bugraq ID: 37249
CVE ID:CVE-2009-4033

Red Hat是一款流行的linux发行版本。
Red Hat Enterprise Linux 5包含的acpid以不安全权限建立日志文件(/var/log/acpid)。问题是由于使用O_CREAT标记调用时open()没有使用第三个参数,结果导致日志文件以全局可写建立,并设置setuid / setgid位,允许特权提升。

RedHat Enterprise Linux Desktop 5 client
RedHat Enterprise Linux 5 server
用户可参考如下安全公告获得补丁信息:
https://bugzilla.redhat.com/show_bug.cgi?id=542926

Related

nessus 6
openvas 9
debiancve 2
cvelist 2
veracode 1
prion 2
redhat 2
centos 1
cve 2
oraclelinux 1
ubuntucve 2
nessus
nessus
Scientific Linux Security Update : acpid on SL5.x i386/x86_64
2012-08-01 00:00:00
RHEL 5 : acpid (RHSA-2009:1642)
2009-12-08 00:00:00
CentOS 5 : acpid (CESA-2009:1642)
2010-01-06 00:00:00
openvas
openvas
RedHat Security Advisory RHSA-2009:1642
2009-12-10 00:00:00
CentOS Security Advisory CESA-2009:1642 (acpid)
2009-12-30 00:00:00
RedHat Security Advisory RHSA-2009:1642
2009-12-10 00:00:00
debiancve
debiancve
CVE-2009-4033
2009-12-08 19:30:00
CVE-2009-4235
2009-12-08 19:30:00
cvelist
cvelist
CVE-2009-4033
2009-12-08 19:00:00
CVE-2009-4235
2009-12-08 19:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:40:27
prion
prion
Open redirect
2009-12-08 19:30:00
Design/Logic Flaw
2009-12-08 19:30:00
redhat
redhat
(RHSA-2009:1642) Important: acpid security update
2009-12-07 00:00:00
(RHSA-2009:1692) Important: rhev-hypervisor security and bug fix update
2009-12-23 00:00:00
centos
centos
acpid security update
2009-12-18 01:36:56
cve
cve
CVE-2009-4033
2009-12-08 19:30:00
CVE-2009-4235
2009-12-08 19:30:00
oraclelinux
oraclelinux
acpid security update
2009-12-07 00:00:00
ubuntucve
ubuntucve
CVE-2009-4033
2009-12-08 00:00:00
CVE-2009-4235
2009-12-08 00:00:00

0.0004 Low

EPSS

Percentile

5.7%

JSON
Related for SSV:15069
nessus6openvas9debiancve2cvelist2veracode1prion2redhat2centos1cve2oraclelinux1ubuntucve2