VYPR

Acpid

by Tedfelix

CVEs (6)

  • CVE-2011-2777Aug 29, 2012
    risk 0.03cvss epss 0.01

    samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands.

  • CVE-2011-1159Oct 5, 2011
    risk 0.03cvss epss 0.01

    acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but…

  • CVE-2011-4578Aug 29, 2012
    risk 0.00cvss epss 0.00

    event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via…

  • CVE-2009-4235Dec 8, 2009
    risk 0.00cvss epss 0.00

    acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033.

  • CVE-2009-4033Dec 8, 2009
    risk 0.00cvss epss 0.00

    A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by…

  • CVE-2009-0798Apr 24, 2009
    risk 0.00cvss epss 0.02

    ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.