Release date: 2011-12-08
Updated on:
Affected Systems:
Acpid 2.0.10
Acpid 1.0.8
Acpid 1.0.3
Acpid 1.0.10
Acpid 1.0.1
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 50993
CVE ID: CVE-2011-2777
ACPID is a flexible and scalable ACPI event delivery daemon.
ACPID has a local privilege escalation vulnerability. A local attacker can exploit this vulnerability to execute arbitrary code with elevated privileges.
<* Source: Oliver-Tobias Ripka *>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
Oliver-Tobias Ripka provides the following test method:
http://www.securityfocus.com/data/vulnerabilities/exploits/50993.sh
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Acpid
-----
The vendor has released a patch that fixes this security problem. Download it from the vendor's homepage:
http://sourceforge.net/projects/acpid/