CVE-2011-4578
Published 2012-08-29
Priority P415 · medium · 4.6 · CVSS 2.0
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.39% (31.3th percentile)
event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | acpid | < acpid 1:2.0.11-1 (bookworm) | acpid 1:2.0.11-1 (bookworm) |
| tedfelix | acpid2 | <= 2.0.10 | — |
| tedfelix | acpid2 | — | — |
| tim_hockin | acpid | >= 0 < 1:2.0.11-1 | 1:2.0.11-1 |
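CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 4.6 | MEDIUM | — |
| vendor_debian | — | 4.6 | MEDIUM | — |
| vendor_redhat | — | 4.6 | MEDIUM | — |
| vendor_ubuntu | — | 4.4 | MEDIUM | — |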
Ubuntu
acpid vulnerabilities
vendor_ubuntu·2011-12-08·CVSS 4.4
CVE-2011-2777 [MEDIUM] acpid vulnerabilities
Title: acpid vulnerabilities
Summary: Several security issues were fixed in acpid.
Oliver-Tobias Ripka discovered that an ACPI script incorrectly handled power
button events. A local attacker could use this to execute arbitrary code, and
possibly escalate privileges. (CVE-2011-2777)
Helmut Grohne and Michael Biebl discovered that ACPI scripts were executed with
a permissive file mode creation mask (umask). A local attacker could read files
and modify directories created by ACPI scripts that did not set a strict umask.
(CVE-2011-4578)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
acpid: Unsafe umask for actions executed by acpid
vendor_redhat·2011-07-30·CVSS 4.6
CVE-2011-4578 [MEDIUM] acpid: Unsafe umask for actions executed by acpid
Package: acpid (Red Hat Enterprise Linux 4) - Will not fix
Package: acpid (Red Hat Enterprise Linux 5) - Will not fix
Package: acpid (Red Hat Enterprise Linux 6) - Will not fix
Debian
CVE-2011-4578: acpid - event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask s...
vendor_debian·2011·CVSS 4.6
CVE-2011-4578 [MEDIUM] CVE-2011-4578: acpid - event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask s...
Scope: local
bookworm: resolved (fixed in 1:2.0.11-1)
bullseye: resolved (fixed in 1:2.0.11-1)
forky: resolved (fixed in 1:2.0.11-1)
sid: resolved (fixed in 1:2.0.11-1)
trixie: resolved (fixed in 1:2.0.11-1)
GHSA
GHSA-cvpp-fv5f-8hch: event
ghsa_unreviewed·2022-05-17
CVE-2011-4578 [MEDIUM] GHSA-cvpp-fv5f-8hch: event
OSV
CVE-2011-4578: event
osv·2012-08-29·CVSS 4.6
CVE-2011-4578 [MEDIUM] CVE-2011-4578: event
No detection rules found.
No public exploits indexed.
References
http://sourceforge.net/u/tedfelix/acpid2/ci/02d0bf29207f17996936ab652717855b15873901/tree/Changelog?force=True
http://www.mandriva.com/security/advisories?name=MDVSA-2012:138
http://www.openwall.com/lists/oss-security/2011/12/06/3
https://bugs.launchpad.net/ubuntu/+source/acpid/+bug/893821
https://bugzilla.redhat.com/show_bug.cgi?id=760984