Vigil@nce: acpid, altering a file

December 2009 by Vigil@nce

The acpid daemon creates its log file with a mode allowing a local
attacker to read or modify it.

 Severity: 1/4
 Consequences: data creation/edition
 Provenance: user shell
 Means of attack: no proof of concept, no attack
 Ability of attacker: expert (4/4)
 Confidence: confirmed by the editor (5/5)
 Diffusion of the vulnerable configuration: high (3/3)
 Creation date: 21/12/2009

IMPACTED PRODUCTS

 Debian Linux
 Red Hat Enterprise Linux
 Unix - platform

DESCRIPTION OF THE VULNERABILITY

The acpid (Advanced Configuration and Power Interface) daemon logs
its events in the /var/log/acpid file.

To create this file, it uses (simplified):
 open(logfile, O_CREAT);
However, the creation mode is not defined. The call should pass it
as a third argument:
 open(logfile, O_CREAT, 0610);
Without that argument, the open() system call uses the current
value on the stack as mode. This value is random. The file can thus
be readable or writable by all users.

A local attacker can therefore read or modify the log file. If the
file is created suid/sgid, the attacker may elevate his privileges.
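
The hardened counterpart of the call above, as an added example that is not acpid's code or its actual patch: it passes an explicit creation mode and repairs the mode of a log file left behind by an earlier run. The names open_log, log_mode, LOG_MODE and LOG_FORBIDDEN, the 0640 policy and the demo path are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed policy for this example: owner rw, group r, nothing for others. */
#define LOG_MODE 0640
/* Bits a log file must not carry: suid/sgid, execute, group write, any "other" access. */
#define LOG_FORBIDDEN (S_ISUID | S_ISGID | S_IXUSR | S_IXGRP | S_IWGRP | S_IRWXO)

/* Vulnerable pattern from the advisory, shown for contrast only (not compiled):
 *     open(logfile, O_CREAT);    mode argument missing, a stack value is used */

/* Open or create the log with an explicit mode, then repair the mode of a
 * file left behind by an earlier buggy run. Returns a descriptor or -1. */
int open_log(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND, LOG_MODE);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        ((st.st_mode & LOG_FORBIDDEN) && fchmod(fd, LOG_MODE) != 0)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permission bits (including suid/sgid/sticky) of path, or -1 on error. */
int log_mode(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

int main(void)
{
    const char *path = "acpid-demo.log";   /* constructed path, not /var/log/acpid */
    int fd = open_log(path);
    if (fd < 0) { perror("open_log"); return 1; }
    printf("%s mode is %04o\n", path, (unsigned)log_mode(path));
    close(fd);
    return 0;
}
```

The mode passed to open() is still filtered by the process umask, so a daemon that needs an exact mode sets its umask first or relies on the fchmod() repair path.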

CHARACTERISTICS

 Identifiers: 515062, 542926, BID-37249, CVE-2009-4033,
CVE-2009-4235, DSA 1960-1, RHSA-2009:1642-02, VIGILANCE-VUL-9305
 Url: http://vigilance.fr/vulnerability/acpid-altering-a-file-9305

