CVE-2011-2777

Published: 8 December 2011

samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands.

Priority

Status

Package	Release	Status
acpid Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Released (1.0.10-5ubuntu2.5)
	maverick	Released (1.0.10-5ubuntu4.4)
	natty	Released (1:2.0.7-1ubuntu2.4)
	oneiric	Released (1:2.0.10-1ubuntu2.3)
	upstream	Needed
	Patches: vendor: https://bugs.launchpad.net/ubuntu/+source/acpid/+bug/893821/+attachment/2624920/+files/893821-powerbtn.patch

References

https://ubuntu.com/security/notices/USN-1296-1
https://www.cve.org/CVERecord?id=CVE-2011-2777
NVD
Launchpad
Debian

Bugs

https://launchpad.net/bugs/893821

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›