RSS   Vulnerabilities for 'Acpid'   RSS

2009-12-08
 
CVE-2009-4235

CWE-264
 

 
acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033.

 
 
CVE-2009-4033

 

 
A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by overwriting this file, or gain privileges by executing this file.

 
2009-04-24
 
CVE-2009-0798

CWE-399
 

 
ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.

 


Copyright 2021, cxsecurity.com

 

Back to Top