CVE-2011-2777
published 2012-08-29CVE-2011-2777: samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by…
PriorityP424medium4.4CVSS 2.0
AVLACMAuNCPIPAP
EXPLOIT
EPSS
0.61%
44.8th percentile
samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | acpid | < acpid 1:2.0.14-1 (bookworm) | acpid 1:2.0.14-1 (bookworm) |
| tedfelix | acpid2 | <= 2.0.16 | — |
| tedfelix | acpid2 | — | — |
| tedfelix | acpid2 | — | — |
| tedfelix | acpid2 | — | — |
| tedfelix | acpid2 | — | — |
| tedfelix | acpid2 | — | — |
| tedfelix | acpid2 | — | — |
| tedfelix | acpid2 | — | — |
| tedfelix | acpid2 | — | — |
| tedfelix | acpid2 | — | — |
| tedfelix | acpid2 | — | — |
| tedfelix | acpid2 | — | — |
| tedfelix | acpid2 | — | — |
| tedfelix | acpid2 | — | — |
| tedfelix | acpid2 | — | — |
| tedfelix | acpid2 | — | — |
| tedfelix | acpid2 | — | — |
| tim_hockin | acpid | >= 0 < 1:2.0.14-1 | 1:2.0.14-1 |
| tim_hockin | acpid | >= 0 < 1:2.0.14-1 | 1:2.0.14-1 |
| tim_hockin | acpid | >= 0 < 1:2.0.14-1 | 1:2.0.14-1 |
| tim_hockin | acpid | >= 0 < 1:2.0.14-1 | 1:2.0.14-1 |
CVSS provenance
nvdv2.04.4MEDIUMAV:L/AC:M/Au:N/C:P/I:P/A:P
osv4.4MEDIUM
vendor_debian4.4MEDIUM
vendor_ubuntu4.4MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
acpid vulnerabilities
vendor_ubuntu·2011-12-08·CVSS 4.4
CVE-2011-2777 [MEDIUM] acpid vulnerabilities
Title: acpid vulnerabilities
Summary: Several security issues were fixed in acpid.
Oliver-Tobias Ripka discovered that an ACPI script incorrectly handled power
button events. A local attacker could use this to execute arbitrary code, and
possibly escalate privileges. (CVE-2011-2777)
Helmut Grohne and Michael Biebl discovered that ACPI scripts were executed with
a permissive file mode creation mask (umask). A local attacker could read files
and modify directories created by ACPI scripts that did not set a strict umask.
(CVE-2011-4578)
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2011-2777: acpid - samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the p...
vendor_debian·2011·CVSS 4.4
CVE-2011-2777 [MEDIUM] CVE-2011-2777: acpid - samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the p...
samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands.
Scope: local
bookworm: resolved (fixed in 1:2.0.14-1)
bullseye: resolved (fixed in 1:2.0.14-1)
forky: resolved (fixed in 1:2.0.14-1)
sid: resolved (fixed in 1:2.0.14-1)
trixie: resolved (fixed in 1:2.0.14-1)
GHSA
GHSA-v38r-g9qq-wg8m: samples/powerbtn/powerbtn
ghsa_unreviewed·2022-05-17
CVE-2011-2777 [MEDIUM] GHSA-v38r-g9qq-wg8m: samples/powerbtn/powerbtn
samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands.
OSV
CVE-2011-2777: samples/powerbtn/powerbtn
osv·2012-08-29·CVSS 4.4
CVE-2011-2777 [MEDIUM] CVE-2011-2777: samples/powerbtn/powerbtn
samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands.
No detection rules found.
No writeups or analysis indexed.
2012-08-29
Published