CVE-2011-2777
Published: 8 December 2011
samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands.
Priority
Status
Package | Release | Status |
---|---|---|
acpid Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(1.0.10-5ubuntu2.5)
|
|
maverick |
Released
(1.0.10-5ubuntu4.4)
|
|
natty |
Released
(1:2.0.7-1ubuntu2.4)
|
|
oneiric |
Released
(1:2.0.10-1ubuntu2.3)
|
|
upstream |
Needed
|
|
Patches: vendor: https://bugs.launchpad.net/ubuntu/+source/acpid/+bug/893821/+attachment/2624920/+files/893821-powerbtn.patch |