acpid2: Privilege escalation — GLSA 201310-20

A vulnerability in acpid2 may allow a local attacker to gain escalated privileges.

Affected Packages

sys-power/acpid on all architectures
Affected versions < 2.0.17
Unaffected versions >= 2.0.17

Background

acpid2 is a daemon for Advanced Configuration and Power Interface.

Description

acpid2 does not properly use the pidof program in powerbtn.sh.

Impact

A local attacker could gain escalated privileges.

Workaround

There is no known workaround at this time.

Resolution

All acpid2 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-power/acpid-2.0.17"
 

References

Release Date
October 28, 2013

Latest Revision
October 28, 2013: 1

Severity
high

Exploitable
local

Bugzilla entries