acpid Power Button Events Local Privilege Escalation Vulnerability

Bugtraq ID:	50993
Class:	Design Error
CVE:	CVE-2011-2777
Remote:	No
Local:	Yes
Published:	Dec 08 2011 12:00AM
Updated:	Oct 28 2013 06:04PM
Credit:	Oliver-Tobias Ripka
Vulnerable:	Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 11.04 Ubuntu Ubuntu Linux 10.10 powerpc Ubuntu Ubuntu Linux 10.10 i386 Ubuntu Ubuntu Linux 10.10 ARM Ubuntu Ubuntu Linux 10.10 amd64 Ubuntu Ubuntu Linux 10.10 Ubuntu Ubuntu Linux 10.04 LTS Mandriva Linux Mandrake 2011 x86_64 Mandriva Linux Mandrake 2011 Gentoo Linux Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 ACPID ACPID 2.0.10 ACPID ACPID 1.0.10 + S.u.S.E. Linux Personal 9.2 ACPID ACPID 1.0.8 + S.u.S.E. Linux Personal 9.2 ACPID ACPID 1.0.3 + S.u.S.E. Linux Personal 9.2 ACPID ACPID 1.0.1 + S.u.S.E. Linux 8.1 + S.u.S.E. Linux Personal 9.1 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 + S.u.S.E. Linux Personal 8.2 ACPID ACPID 2.0
Not Vulnerable:

acpid Power Button Events Local Privilege Escalation Vulnerability

acpid is prone to a local privilege-escalation vulnerability.

Local attackers may exploit this issue to execute arbitrary code with elevated privileges.

acpid Power Button Events Local Privilege Escalation Vulnerability

The following exploit is available:

• /data/vulnerabilities/exploits/50993.sh

acpid Power Button Events Local Privilege Escalation Vulnerability

Solution:
Updates are available. Please see the references for more information.

acpid Power Button Events Local Privilege Escalation Vulnerability

References:

• ACPID Homepage (ACPID)