Tim Hockin : Security Vulnerabilities, CVEs,
acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033.
Max CVSS
6.9
EPSS Score
0.04%
Published
2009-12-08
Updated
2017-08-17
A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by overwriting this file, or gain privileges by executing this file.
Max CVSS
6.9
EPSS Score
0.04%
Published
2009-12-08
Updated
2017-09-19
ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.
Max CVSS
5.0
EPSS Score
18.32%
Published
2009-04-24
Updated
2017-09-29
3 vulnerabilities found