4.6
CVE-2011-4578
- EPSS 0.39%
- Veröffentlicht 29.08.2012 22:55:01
- Zuletzt bearbeitet 16.06.2026 23:35:04
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Loginevent.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.311 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
https://bugs.launchpad.net/ubuntu/+source/acpid/+bug/893821
http://sourceforge.net/u/tedfelix/acpid2/ci/02d0bf29207f17996936ab652717855b15873901/tree/Changelog?force=True
http://www.mandriva.com/security/advisories?name=MDVSA-2012:138
http://www.openwall.com/lists/oss-security/2011/12/06/3
https://bugzilla.redhat.com/show_bug.cgi?id=760984