MDVSA-2009:342
- Package name: acpid
- Date: 2009-12-26
- Advisory ID: MDVSA-2009:342
- Affected versions: CS4.0 x86_64, CS4.0 i586
Problem description
Multiple vulnerabilities have been found and corrected in acpid:
A certain Red Hat patch for acpid 1.0.4 effectively triggers a call
to the open function with insufficient arguments, which might allow
local users to leverage weak permissions on /var/log/acpid, and obtain
sensitive information by reading this file, cause a denial of service
by overwriting this file, or gain privileges by executing this file
(CVE-2009-4033).
acpid 1.0.4 sets an unrestrictive umask, which might allow local users
to leverage weak permissions on /var/log/acpid, and obtain sensitive
information by reading this file or cause a denial of service by
overwriting this file, a different vulnerability than CVE-2009-4033
(CVE-2009-4235).
This update provides a solution to these vulnerabilities.
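The two flaws described above, shown as an added C example beside a hardened form and a permission audit check. This is not acpid's code and not part of the advisory; the function names, the umask value 0, the modes 0666 and 0600, and the use of O_NOFOLLOW are assumptions made for illustration.

```c
/* Added example, not acpid source. Function names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* CVE-2009-4033 pattern (shown only as a comment, since it is undefined
 * behaviour): open(path, O_WRONLY | O_CREAT | O_APPEND) with no third
 * argument. The mode of a newly created file is then whatever happens to
 * be in the argument slot, so read, write or execute bits may be set. */

/* CVE-2009-4235 pattern: the mode argument is present, but a permissive
 * umask (0 here, a constructed value) lets every requested bit through. */
int open_log_loose_umask(const char *path)
{
    mode_t old = umask(0);
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND, 0666);
    umask(old);
    return fd;
}

/* Hardened form: explicit 0600 mode, restrictive umask during creation,
 * and fchmod() to tighten a file left behind by an earlier weak create. */
int open_log_hardened(const char *path)
{
    mode_t old = umask(0077);
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW, 0600);
    umask(old);
    if (fd >= 0 && fchmod(fd, 0600) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permission bits of path, or -1 if it cannot be stat'ed. */
int log_mode(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Audit check: 1 if group/other have any access or any execute bit is set. */
int log_mode_is_weak(int mode)
{
    return (mode & 0077) != 0 || (mode & 0111) != 0;
}
```

Running `log_mode_is_weak(log_mode("/var/log/acpid"))` on a host that ran a vulnerable package shows whether the existing log file still carries weak permissions after the update.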
Updated packages
CS4.0 x86_64
7ab456d04757a0aba4011e1f818b50ad corporate/4.0/x86_64/acpid-1.0.4-6.4.20060mlcs4.x86_64.rpm
0b8535180ecdae336003fcc220488716 corporate/4.0/SRPMS/acpid-1.0.4-6.4.20060mlcs4.src.rpm
CS4.0 i586
cc578555f4de1362cd8ea344a8b6a184 corporate/4.0/i586/acpid-1.0.4-6.4.20060mlcs4.i586.rpm
0b8535180ecdae336003fcc220488716 corporate/4.0/SRPMS/acpid-1.0.4-6.4.20060mlcs4.src.rpm
