| Vulnerability Name: | CVE-2009-4033 (CCN-54677) | ||||||||||||||||||||
| Assigned: | 2009-12-07 | ||||||||||||||||||||
| Published: | 2009-12-07 | ||||||||||||||||||||
| Updated: | 2017-09-19 | ||||||||||||||||||||
| Summary: | A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by overwriting this file, or gain privileges by executing this file. | ||||||||||||||||||||
| CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||
| CVSS v2 Severity: | 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C) 5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:TF/RC:C)
3.3 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:TF/RC:C)
5.3 Medium (REDHAT Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:TF/RC:C)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-264 | ||||||||||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||||||||||
| References: | Source: CCN Type: SourceForge.net acpid - the ACPI event daemon Source: MITRE Type: CNA CVE-2009-4033 Source: CCN Type: RHSA-2009-1642 Important: acpid security update Source: CCN Type: SECTRACK ID: 1023284 acpid Log File Permissions May Let Local Users Gain Elevated Privileges Source: SECTRACK Type: UNKNOWN 1023284 Source: MANDRIVA Type: UNKNOWN MDVSA-2009:342 Source: CCN Type: OSVDB ID: 60851 acpid Open Function /var/log/acpid Permission Weakness Local Privilege Escalation Source: CCN Type: OSVDB ID: 60870 acpid /var/log/acpid umask Permission Weakness Source: REDHAT Type: UNKNOWN RHSA-2009:1642 Source: BID Type: UNKNOWN 37249 Source: CCN Type: BID-37249 Red Hat acpid '/var/log/acpid' Log File Permissions Local Privilege Escalation Vulnerability Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=515062 Source: CCN Type: Red Hat Bugzilla Bug 542926 CVE-2009-4033 CVE-2009-4235 acpid: log file created with random permissions Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=542926 Source: XF Type: UNKNOWN acpid-logfile-privilege-escalation(54677) Source: XF Type: UNKNOWN acpid-logfile-privilege-escalation(54677) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10555 | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||