CVE-2011-4578

Description

event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls.

How to fix CVE-2011-4578

To remediate CVE-2011-4578, upgrade the affected package to a fixed version below.

• Debian/acpid—upgrade to 1:2.0.11-1 or later

Is CVE-2011-4578 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1:2.0.11-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-4578