acpid Event Scripts Local Information Disclosure Vulnerability
BID:50945
Info
acpid Event Scripts Local Information Disclosure Vulnerability
| Bugtraq ID: | 50945 |
| Class: | Unknown |
| CVE: |
CVE-2011-4578 |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 07 2011 12:00AM |
| Updated: | Aug 17 2012 11:10AM |
| Credit: | Helmut Grohne and Michael Biebl |
| Vulnerable: |
Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.10 powerpc Ubuntu Ubuntu Linux 10.10 i386 Ubuntu Ubuntu Linux 10.10 ARM Ubuntu Ubuntu Linux 10.10 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 Mandriva Linux Mandrake 2011 x86_64 Mandriva Linux Mandrake 2011 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 ACPID ACPID 2.0.10 ACPID ACPID 1.0.10 ACPID ACPID 1.0.8 ACPID ACPID 1.0.3 ACPID ACPID 1.0.1 ACPID ACPID 2.0 |
| Not Vulnerable: |
ACPID ACPID 2.0.11 |
Discussion
acpid Event Scripts Local Information Disclosure Vulnerability
acpid is prone to a local information-disclosure vulnerability.
Local attackers can exploit this issue to disclose user session information. Information obtained may lead to further attacks.
Versions prior to acpid 2.0.11 are vulnerable.
acpid is prone to a local information-disclosure vulnerability.
Local attackers can exploit this issue to disclose user session information. Information obtained may lead to further attacks.
Versions prior to acpid 2.0.11 are vulnerable.
Exploit / POC
acpid Event Scripts Local Information Disclosure Vulnerability
Local attackers can use standard tools to exploit this issue.
Local attackers can use standard tools to exploit this issue.
Solution / Fix
acpid Event Scripts Local Information Disclosure Vulnerability
Solution:
Updates are available. Please see the references for more information.
ACPID ACPID 2.0
ACPID ACPID 1.0.1
ACPID ACPID 1.0.10
ACPID ACPID 1.0.3
ACPID ACPID 1.0.8
ACPID ACPID 2.0.10
Solution:
Updates are available. Please see the references for more information.
ACPID ACPID 2.0
-
ACPID acpid-2.0.11.tar.gz
http://www.tedfelix.com/linux/acpid-2.0.11.tar.gz
ACPID ACPID 1.0.1
-
ACPID acpid-2.0.11.tar.gz
http://www.tedfelix.com/linux/acpid-2.0.11.tar.gz
ACPID ACPID 1.0.10
-
ACPID acpid-2.0.11.tar.gz
http://www.tedfelix.com/linux/acpid-2.0.11.tar.gz
ACPID ACPID 1.0.3
-
ACPID acpid-2.0.11.tar.gz
http://www.tedfelix.com/linux/acpid-2.0.11.tar.gz
ACPID ACPID 1.0.8
-
ACPID acpid-2.0.11.tar.gz
http://www.tedfelix.com/linux/acpid-2.0.11.tar.gz
ACPID ACPID 2.0.10
-
ACPID acpid-2.0.11.tar.gz
http://www.tedfelix.com/linux/acpid-2.0.11.tar.gz
References
acpid Event Scripts Local Information Disclosure Vulnerability
References:
References:
- ACPID Homepage (ACPID)
- ACPID Release Notes (ACPID)