6.9
CVSSv2

CVE-2014-1419

Published: 24/07/2014 Updated: 07/01/2017
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 614
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Race condition in the power policy functions in policy-funcs in acpi-support prior to 0.142 allows local users to gain privileges via unspecified vectors.

Affected Products

Vendor Product Versions
CanonicalAcpi-support0.141
CanonicalUbuntu Linux12.04

Vendor Advisories

The system could be made to run programs as an administrator ...
CESG discovered a root escalation flaw in the acpi-support package An unprivileged user can inject the DBUS_SESSION_BUS_ADDRESS environment variable to run arbitrary commands as root user via the policy-funcs script For the stable distribution (wheezy), this problem has been fixed in version 0140-5+deb7u1 For the testing distribution (jessie), ...