Published: 24/07/2014 Updated: 07/01/2017
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 614
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Race condition in the power policy functions in policy-funcs in acpi-support prior to 0.142 allows local users to gain privileges via unspecified vectors.

Affected Products

Vendor Product Versions
CanonicalUbuntu Linux12.04

Vendor Advisories

The system could be made to run programs as an administrator ...
CESG discovered a root escalation flaw in the acpi-support package An unprivileged user can inject the DBUS_SESSION_BUS_ADDRESS environment variable to run arbitrary commands as root user via the policy-funcs script For the stable distribution (wheezy), this problem has been fixed in version 0140-5+deb7u1 For the testing distribution (jessie), ...