CVE-2011-2777

acpid2 < 2.0.16 - Privilege Escalation via pidof Mismanagement

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-2777. PoCs published by otr.

AI-analyzed exploit summary: This exploit leverages a privilege boundary crossing vulnerability in acpid (CVE-2011-2777) by manipulating the DBUS_SESSION_BUS_ADDRESS environment variable to inject arbitrary shell commands. It creates a fake kded4 process and a payload binary to escalate privileges when the power button is pressed.

Description

samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands.

Exploits (1)

exploitdb WORKING POC
by otr · bash · local · linux
https://www.exploit-db.com/exploits/18228

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: acpid 1:2.0.10-1ubuntu2
No auth needed
Prerequisites: Local access to the system · Certain power management programs not running (e.g., kded4, gnome-power-manager)
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS 0.0061
EPSS Percentile 44.6%

Details

CWE: CWE-264
Status: published
Products (17)
tedfelix/acpid2 2.0.0
tedfelix/acpid2 2.0.1
tedfelix/acpid2 2.0.2
tedfelix/acpid2 2.0.3
tedfelix/acpid2 2.0.4
tedfelix/acpid2 2.0.5
tedfelix/acpid2 2.0.6
tedfelix/acpid2 2.0.7
tedfelix/acpid2 2.0.8
tedfelix/acpid2 2.0.9
... and 7 more
Published Aug 29, 2012
Tracked Since Feb 18, 2026