Mandriva Update For Acpid MDVSA-2012:137 (acpid) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Multiple vulnerabilities has been discovered and corrected in acpid: Oliver-Tobias Ripka discovered that an ACPI script incorrectly handled power button events. A local attacker could use this to execute arbitrary code, and possibly escalate privileges (CVE-2011-2777). Helmut Grohne and Michael Biebl discovered that ACPI scripts were executed with a permissive file mode creation mask (umask). A local attacker could read files and modify directories created by ACPI scripts that did not set a strict umask (CVE-2011-4578). The updated packages have been patched to correct these issues.

Affected

acpid on Mandriva Linux 2011.0

Severity

Classification

CVE CVE-2011-2777, CVE-2011-4578
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:048-2 (epiphany)
Mandrake Security Advisory MDVSA-2009:090 (php)
Mandrake Security Advisory MDVSA-2009:123 (opensc)
Mandrake Security Advisory MDVSA-2009:181 (bind)
Mandrake Security Advisory MDVSA-2009:167 (php)

Mandriva Update for acpid MDVSA-2012:137 (acpid)

Take action and discover your vulnerabilities