Revision Date: | 2009-12-07 | Version: | 638 |
Title: | RHSA-2009:1642: acpid security update (Important) |
Description: | acpid is a daemon that dispatches ACPI (Advanced Configuration and Power Interface) events to user-space programs.
It was discovered that acpid could create its log file ("/var/log/acpid") with random permissions on some systems. A local attacker could use this flaw to escalate their privileges if the log file was created as world-writable and with the setuid or setgid bit set. (CVE-2009-4033)
Please note that this flaw was due to a Red Hat-specific patch (acpid-1.0.4-fd.patch) included in the Red Hat Enterprise Linux 5 acpid package.
Users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | CVE-2009-4033 RHSA-2009:1642 RHSA-2009:1642-02
|
Platform(s): | Red Hat Enterprise Linux 5
| Product(s): | |
Definition Synopsis |
Red Hat Enterprise Linux must be installed OR Package Information
Red Hat Enterprise Linux 5 is installed
AND acpid is earlier than 0:1.0.4-9.el5_4.1
AND acpid is signed with Red Hat redhatrelease2 key
|