Privilege escalation vulnerability in power policy functions

Bug #1340812 reported by Jonathan Davies
This bug affects 2 people
Affects                  Status         Importance   Assigned to         Milestone
acpi-support (Ubuntu)    Fix Released   High         Marc Deslauriers
  Precise                Fix Released   High         Marc Deslauriers
  Saucy                  Fix Released   High         Marc Deslauriers
  Trusty                 Fix Released   High         Marc Deslauriers
  Utopic                 Fix Released   High         Marc Deslauriers

Bug Description

The Advanced Configuration and Power Interface daemon (acpid) bundled with Ubuntu is vulnerable to a race condition that allows a local user to gain root privileges.

CVE References

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

This is CVE-2014-1419

affects: acpi (Ubuntu) → acpi-support (Ubuntu)
Changed in acpi-support (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in acpi-support (Ubuntu Saucy):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in acpi-support (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in acpi-support (Ubuntu Utopic):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in acpi-support (Ubuntu Precise):
status: New → Confirmed
Changed in acpi-support (Ubuntu Saucy):
status: New → Confirmed
Changed in acpi-support (Ubuntu Trusty):
status: New → Confirmed
Changed in acpi-support (Ubuntu Utopic):
status: New → Confirmed
Changed in acpi-support (Ubuntu Precise):
importance: Undecided → High
Changed in acpi-support (Ubuntu Saucy):
importance: Undecided → High
Changed in acpi-support (Ubuntu Trusty):
importance: Undecided → High
Changed in acpi-support (Ubuntu Utopic):
importance: Undecided → High
Marc Deslauriers (mdeslaur) wrote :

I will work on a fix, and then will coordinate a CRD with Debian since they also have the issue.

Jonathan Davies (jpds)
summary: - User to root vulnerability in power policy functions
+ Privilege escalation vulnerability in power policy functions
Marc Deslauriers (mdeslaur) wrote :

Actually, the vulnerable policy-funcs script was dropped in 0.142, so saucy and higher are not vulnerable.

Changed in acpi-support (Ubuntu Saucy):
status: Confirmed → Invalid
Changed in acpi-support (Ubuntu Trusty):
status: Confirmed → Invalid
Changed in acpi-support (Ubuntu Utopic):
status: Confirmed → Invalid
Marc Deslauriers (mdeslaur) wrote :

Details were communicated to Debian, and a CRD of 2014-07-22 17:00 UTC was requested.

Marc Deslauriers (mdeslaur) wrote :
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package acpi-support - 0.140.2

---------------
acpi-support (0.140.2) precise-security; urgency=medium

  * SECURITY UPDATE: root escalation via race in policy-funcs (LP: #1340812)
    - lib/policy-funcs: use the X console user instead of the one from an
      arbitrary kded4 process.
    - power.sh: also source /usr/share/acpi-support/power-funcs.
    - CVE-2014-1419
 -- Marc Deslauriers <email address hidden> Mon, 14 Jul 2014 08:32:07 -0400

Changed in acpi-support (Ubuntu Precise):
status: Confirmed → Fix Released
information type: Private Security → Public Security
Ariel (fantoche13-h)
Changed in acpi-support (Ubuntu Saucy):
status: Invalid → Fix Released
Changed in acpi-support (Ubuntu Trusty):
status: Invalid → Fix Released
Changed in acpi-support (Ubuntu Utopic):
status: Invalid → Fix Released
This report contains Public Security information. Everyone can see this security related information.
