Published: 08/12/2009 Updated: 17/08/2017

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tim hockin acpid 1.0.4

Debian Bug report logs - #560771 acpid: CVE-2009-4235: weak permissions on /var/log/acpid Package: acpid; Maintainer for acpid is Debian Acpi Team <pkg-acpi-devel@listsaliothdebianorg>; Source for acpid is src:acpid (PTS, buildd, popcon) Reported by: Raphael Geissert <geissert@debianorg> Date: Sat, 12 Dec 2009 03 ...

It was discovered that acpid, the Advanced Configuration and Power Interface event daemon, on the oldstable distribution (etch) creates its log file with weak permissions, which might expose sensitive information or might be abused by a local user to consume all free disk space on the same partition of the file For the oldstable distribution (etch ...

CWE-264 https://bugzilla.redhat.com/show_bug.cgi?id=542926 https://bugzilla.redhat.com/show_bug.cgi?id=515062 http://www.redhat.com/support/errata/RHSA-2009-1642.html http://securitytracker.com/id?1023284 http://www.debian.org/security/2009/dsa-1960 http://www.mandriva.com/security/advisories?name=MDVSA-2009:342 http://www.mandriva.com/security/advisories?name=MDVSA-2009:343 https://exchange.xforce.ibmcloud.com/vulnerabilities/54676 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560771 https://nvd.nist.gov https://www.debian.org/security/./dsa-1960

CVE-2009-4235

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect