From oss-security mailing list at $URL:

------
* Sat Jul 30 2011 Ted Felix <http://www.tedfelix.com>
  - 2.0.11 release
  - Set umask to 0077 for scripts run by acpid. (event.c) (Ted Felix)
------

Discovered by Helmut Grohne and Michael Biebl. Already fixed in tree, just to track CVE.
Secunia advisory reference: https://secunia.com/advisories/47071/
Thanks, Agostino. GLSA Vote: no.
Vote: no. Closing noglsa.
CVE-2011-4578 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4578): event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls.
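The effect of the umask change described in this report, as an added example that is not acpid's code and not part of the original thread: a child process sets its umask and then executes a shell command standing in for an event-handler script, and the parent reports the modes of the directory and file the script created. The function name, the temporary paths, the stand-in script and the permissive mask 0000 are assumptions made for illustration; the page does not state the pre-fix umask value.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run a constructed stand-in for an event-handler script in a child whose
 * umask is `mask`, then report the permission bits of what it created:
 * the directory if want_dir is nonzero, otherwise the file. -1 on error. */
int handler_created_mode(mode_t mask, int want_dir)
{
    char base[] = "/tmp/umask-demo-XXXXXX";
    char dir[64], file[96];
    struct stat st;
    int status, result = -1;

    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(dir, sizeof dir, "%s/state", base);
    snprintf(file, sizeof file, "%s/event.log", dir);

    pid_t pid = fork();
    if (pid == 0) {
        umask(mask); /* inherited across exec, so it governs the script */
        execl("/bin/sh", "sh", "-c", "mkdir \"$1\" && echo event > \"$2\"",
              "handler", dir, file, (char *)NULL);
        _exit(127);
    }
    if (pid > 0 && waitpid(pid, &status, 0) == pid &&
        WIFEXITED(status) && WEXITSTATUS(status) == 0 &&
        stat(want_dir ? dir : file, &st) == 0)
        result = st.st_mode & 0777;

    unlink(file); /* clean up whatever the child managed to create */
    rmdir(dir);
    rmdir(base);
    return result;
}

int main(void)
{
    /* 0000 is an assumed permissive inherited mask; 0077 is the 2.0.11 value. */
    printf("umask 0000: dir %04o file %04o\n",
           handler_created_mode(0000, 1), handler_created_mode(0000, 0));
    printf("umask 0077: dir %04o file %04o\n",
           handler_created_mode(0077, 1), handler_created_mode(0077, 0));
    return 0;
}
```

With the mask at 0077 the script's directory and file carry no group or other bits, which closes both cases listed in the CVE description without any change to the scripts themselves.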