Advisories Blog | G5 Cyber Security

Mandriva Linux Security Advisory 2009-342

Mandriva Linux Security Advisory 2009-342 – A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by overwriting this file, or gain privileges by executing this file. acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033. This update provides a solution to these vulnerabilities.
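The two flaws described above, as an added C example that is not taken from acpid or from the Red Hat or Mandriva patches: the flawed call pattern appears only in a comment, and the compiled code opens a log with an explicit mode under a restrictive umask, then checks the resulting permissions. The function names, the 0640 mode and the /tmp path are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Flawed pattern described in the advisory (comment only, not compiled):
 *     fd = open(path, O_CREAT | O_WRONLY | O_APPEND);
 * With O_CREAT and no mode argument the permission bits are indeterminate,
 * and a permissive umask then fails to mask them off. */

#define LOG_MODE 0640 /* assumed policy: owner rw, group r, others none */

/* Open or create a log file with explicit, restrictive permissions. */
int open_log_hardened(const char *path)
{
    mode_t old = umask(0027); /* restrictive umask while creating */
    int fd = open(path, O_CREAT | O_WRONLY | O_APPEND, LOG_MODE);
    umask(old);
    if (fd < 0)
        return -1;
    /* A log created before the fix may still be loose: tighten it. */
    if (fchmod(fd, LOG_MODE) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* 1 if no group/other write, no other read and no execute bit is set,
 * 0 if any of them is set, -1 if the file cannot be examined. */
int log_mode_is_safe(const char *path)
{
    struct stat st;
    mode_t bad = S_IWGRP | S_IWOTH | S_IROTH | S_IXUSR | S_IXGRP | S_IXOTH;
    if (stat(path, &st) != 0)
        return -1;
    return (st.st_mode & bad) == 0 ? 1 : 0;
}

int main(void)
{
    const char *path = "/tmp/acpid-example.log"; /* constructed path */
    int fd = open_log_hardened(path);
    if (fd < 0) { perror("open_log_hardened"); return 1; }
    close(fd);
    printf("%s safe: %d\n", path, log_mode_is_safe(path));
    return 0;
}
```

The same permission check can be pointed at an existing /var/log/acpid to see whether a system still carries a loosely created log after the update.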

 

You can download this advisory from the following link: https://packetstormsecurity.com/files/download/84394/MDVSA-2009-342.txt

Source: https://packetstormsecurity.com/files/84394/Mandriva-Linux-Security-Advisory-2009-342.html
