acpid vulnerabilities

2011-12-0800:00:00

ubuntu.com

6.8 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.4%

JSON

Releases

Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.10
Ubuntu 10.04

Packages

acpid - Advanced Configuration and Power Interface daemon

Details

Oliver-Tobias Ripka discovered that an ACPI script incorrectly handled power
button events. A local attacker could use this to execute arbitrary code, and
possibly escalate privileges. (CVE-2011-2777)

Helmut Grohne and Michael Biebl discovered that ACPI scripts were executed with
a permissive file mode creation mask (umask). A local attacker could read files
and modify directories created by ACPI scripts that did not set a strict umask.
(CVE-2011-4578)

OSVersionArchitecturePackageVersionFilename
Ubuntu11.10noarchacpid< 1:2.0.10-1ubuntu2.3UNKNOWN
Ubuntu11.10noarchkacpimon< 1:2.0.10-1ubuntu2.3UNKNOWN
Ubuntu11.04noarchacpid< 1:2.0.7-1ubuntu2.4UNKNOWN
Ubuntu11.04noarchkacpimon< 1:2.0.7-1ubuntu2.4UNKNOWN
Ubuntu10.10noarchacpid< 1.0.10-5ubuntu4.4UNKNOWN
Ubuntu10.04noarchacpid< 1.0.10-5ubuntu2.5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	11.10	noarch	acpid	< 1:2.0.10-1ubuntu2.3	UNKNOWN
Ubuntu	11.10	noarch	kacpimon	< 1:2.0.10-1ubuntu2.3	UNKNOWN
Ubuntu	11.04	noarch	acpid	< 1:2.0.7-1ubuntu2.4	UNKNOWN
Ubuntu	11.04	noarch	kacpimon	< 1:2.0.7-1ubuntu2.4	UNKNOWN
Ubuntu	10.10	noarch	acpid	< 1.0.10-5ubuntu4.4	UNKNOWN
Ubuntu	10.04	noarch	acpid	< 1.0.10-5ubuntu2.5	UNKNOWN