Test ID:	1.3.6.1.4.1.25623.1.0.66595
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1960-1)
Summary:	The remote host is missing an update for the Debian 'acpid' package(s) announced via the DSA-1960-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'acpid' package(s) announced via the DSA-1960-1 advisory. Vulnerability Insight: It was discovered that acpid, the Advanced Configuration and Power Interface event daemon, on the oldstable distribution (etch) creates its log file with weak permissions, which might expose sensitive information or might be abused by a local user to consume all free disk space on the same partition of the file. For the oldstable distribution (etch), this problem has been fixed in version 1.0.4-5etch2. The stable distribution (lenny) in version 1.0.8-1lenny2 and the unstable distribution (sid) in version 1.0.10-5, have been updated to fix the weak file permissions of the log file created by older versions. We recommend that you upgrade your acpid packages. Affected Software/OS: 'acpid' package(s) on Debian 4, Debian 5. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4235 Debian Security Information: DSA-1960 (Google Search) http://www.debian.org/security/2009/dsa-1960 http://www.mandriva.com/security/advisories?name=MDVSA-2009:342 http://www.mandriva.com/security/advisories?name=MDVSA-2009:343 http://www.redhat.com/support/errata/RHSA-2009-1642.html http://securitytracker.com/id?1023284 XForce ISS Database: acpid-umask-weak-security(54676) https://exchange.xforce.ibmcloud.com/vulnerabilities/54676
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.