Mandriva Update For Acpid MDVSA-2012:137 (acpid) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Multiple vulnerabilities has been discovered and corrected in acpid: Oliver-Tobias Ripka discovered that an ACPI script incorrectly handled power button events. A local attacker could use this to execute arbitrary code, and possibly escalate privileges (CVE-2011-2777). Helmut Grohne and Michael Biebl discovered that ACPI scripts were executed with a permissive file mode creation mask (umask). A local attacker could read files and modify directories created by ACPI scripts that did not set a strict umask (CVE-2011-4578). The updated packages have been patched to correct these issues.

Affected

acpid on Mandriva Linux 2011.0

Severity

Classification

CVE CVE-2011-2777, CVE-2011-4578

CVSS	Base Score: 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:074 (libneon0.27)
Mandrake Security Advisory MDVSA-2009:175 (pango)
Mandrake Security Advisory MDVSA-2009:188 (php4-eaccelerator)
Mandrake Security Advisory MDVSA-2009:163 (tomcat5)
Mandrake Security Advisory MDVSA-2009:124 (apache)

Mandriva Update for acpid MDVSA-2012:137 (acpid)

Take action and discover your vulnerabilities