Synopsis: Important: acpid security update
Issue date: 2009-12-07
CVE Names: CVE-2009-4033
CVE-2009-4033 acpid: log file created with random permissions
It was discovered that acpid could create its log file
("/var/log/acpid") with random permissions on some systems. A local
attacker could use this flaw to escalate their privileges if the log
file was created as world-writable and with the setuid or setgid bit
set. (CVE-2009-4033)
Please note that this flaw was due to a specific patch
(acpid-1.0.4-fd.patch) included in the Scientific Linux 5 acpid
package.
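
One way to check a host for the condition described above, as an added example that is not part of the original advisory: the script reads the mode of the log file and flags the world-writable plus setuid/setgid combination. The function names `classify_mode` and `audit_log` are hypothetical, and GNU coreutils `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the advisory): audit the acpid log file mode for
# the combination named in CVE-2009-4033. Helper names are hypothetical.

# classify_mode OCTAL_MODE
# Prints one of: ok | world-writable | setid | exploitable
classify_mode() {
    mode=$((0$1))                      # leading 0 makes the shell parse octal
    ww=$(( (mode & 0002) != 0 ))       # world-writable bit
    sid=$(( (mode & 06000) != 0 ))     # setuid (04000) or setgid (02000)
    if [ "$ww" -eq 1 ] && [ "$sid" -eq 1 ]; then
        echo exploitable               # the case the advisory describes
    elif [ "$ww" -eq 1 ]; then
        echo world-writable
    elif [ "$sid" -eq 1 ]; then
        echo setid
    else
        echo ok
    fi
}

# audit_log [PATH]
# Prints "<path> <mode> <verdict>". Returns 0 only when the verdict is ok,
# 1 when the mode needs review, 2 when the file cannot be examined.
audit_log() {
    f=${1:-/var/log/acpid}             # default path is the one in the advisory
    if [ ! -e "$f" ]; then
        echo "$f - missing"
        return 2
    fi
    m=$(stat -c '%a' "$f") || return 2 # GNU stat: permission bits in octal
    v=$(classify_mode "$m")
    echo "$f $m $v"
    [ "$v" = ok ]
}
```

Calling `audit_log` with no argument examines "/var/log/acpid"; any non-zero exit status means the file mode should be reviewed.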
SL 5.x
SRPMS:
acpid-1.0.4-9.el5_4.1.src.rpm
i386:
acpid-1.0.4-9.el5_4.1.i386.rpm
x86_64:
acpid-1.0.4-9.el5_4.1.x86_64.rpm
-Connie Sieh
-Troy Dawson