ID CVE-2009-0798
Summary ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.
References
Vulnerable Configurations
  • cpe:2.3:a:tim_hockin:acpid:1.0.8
    cpe:2.3:a:tim_hockin:acpid:1.0.8
  • cpe:2.3:a:tim_hockin:acpid:1.0.6
    cpe:2.3:a:tim_hockin:acpid:1.0.6
  • cpe:2.3:a:tim_hockin:acpid:1.0.4
    cpe:2.3:a:tim_hockin:acpid:1.0.4
  • cpe:2.3:a:tim_hockin:acpid:1.0.3
    cpe:2.3:a:tim_hockin:acpid:1.0.3
  • cpe:2.3:a:tim_hockin:acpid:1.0.2
    cpe:2.3:a:tim_hockin:acpid:1.0.2
  • cpe:2.3:a:tim_hockin:acpid:1.0.1
    cpe:2.3:a:tim_hockin:acpid:1.0.1
  • cpe:2.3:a:tim_hockin:acpid:1.0.0
    cpe:2.3:a:tim_hockin:acpid:1.0.0
  • cpe:2.3:a:tim_hockin:acpid:0.99.4
    cpe:2.3:a:tim_hockin:acpid:0.99.4
  • cpe:2.3:a:tim_hockin:acpid:0.99.1
    cpe:2.3:a:tim_hockin:acpid:0.99.1
  • cpe:2.3:a:tim_hockin:acpid:0.99.0
    cpe:2.3:a:tim_hockin:acpid:0.99.0
  • cpe:2.3:a:tim_hockin:acpid:20010510
    cpe:2.3:a:tim_hockin:acpid:20010510
CVSS
Base: 5.0 (as of 27-04-2009 - 07:28)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090507_ACPID_ON_SL3_X.NASL
    description Anthony de Almeida Lopes of Outpost24 AB reported a denial of service flaw in the acpid daemon's error handling. If an attacker could exhaust the sockets open to acpid, the daemon would enter an infinite loop, consuming most CPU resources and preventing acpid from communicating with legitimate processes. (CVE-2009-0798)
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60580
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60580
    title Scientific Linux Security Update : acpid on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-5608.NASL
    description Fixed CVE-2009-0798 (too many open files DoS) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 38942
    published 2009-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38942
    title Fedora 9 : acpid-1.0.6-8.fc9 (2009-5608)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-5578.NASL
    description Fixed CVE-2009-0798 (too many open files DoS) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 38941
    published 2009-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38941
    title Fedora 10 : acpid-1.0.6-11.fc10 (2009-5578)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-107.NASL
    description The daemon in acpid before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop (CVE-2009-0798). The updated packages have been patched to prevent this. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 38707
    published 2009-05-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38707
    title Mandriva Linux Security Advisory : acpid (MDVSA-2009:107-1)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0006.NASL
    description a. Service Console update for samba to 3.0.33-3.15.el5_4.1 This update changes the samba packages to samba-client-3.0.33-3.15.el5_4.1 and samba-common-3.0.33-3.15.el5_4.1. These versions include fixes for security issues that were first fixed in samba-client-3.0.33-0.18.el4_8 and samba-common-3.0.33-0.18.el4_8. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-2906, CVE-2009-1888,CVE-2009-2813 and CVE-2009-2948 to these issues. b. Service Console update for acpid to1.0.4-9.el5_4.2 This updates changes the the acpid package to acpid-1.0.4-9.el5_4.2. This version includes the fix for a security issue that was first fixed in acpid-1.0.4-7.el5_4.1. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0798 to this issue.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 45402
    published 2010-04-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45402
    title VMSA-2010-0006 : ESX Service Console updates for samba and acpid
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-766-1.NASL
    description It was discovered that acpid did not properly handle a large number of connections. A local user could exploit this and monopolize CPU resources, leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 38195
    published 2009-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38195
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : acpid vulnerability (USN-766-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-0474.NASL
    description An updated acpid package that fixes one security issue is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. acpid is a daemon that dispatches ACPI (Advanced Configuration and Power Interface) events to user-space programs. Anthony de Almeida Lopes of Outpost24 AB reported a denial of service flaw in the acpid daemon's error handling. If an attacker could exhaust the sockets open to acpid, the daemon would enter an infinite loop, consuming most CPU resources and preventing acpid from communicating with legitimate processes. (CVE-2009-0798) Users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 38710
    published 2009-05-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38710
    title RHEL 3 / 4 / 5 : acpid (RHSA-2009:0474)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200905-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-200905-06 (acpid: Denial of Service) The acpid daemon allows opening a large number of UNIX sockets without closing them, triggering an infinite loop. Impact : Remote attackers can cause a Denial of Service (CPU consumption and connectivity loss). Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 38887
    published 2009-05-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38887
    title GLSA-200905-06 : acpid: Denial of Service
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2009-0037.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Resolves: #515062 CVE-2009-4033 acpid: log file created with random permissions - start acpid before hal - Resolves: #503177 - Updated the License entry - Fixed CVE-2009-0798 (too many open files DoS) - Resolves: #496292
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 79472
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79472
    title OracleVM 2.2 : acpid (OVMSA-2009-0037)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-0474.NASL
    description An updated acpid package that fixes one security issue is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. acpid is a daemon that dispatches ACPI (Advanced Configuration and Power Interface) events to user-space programs. Anthony de Almeida Lopes of Outpost24 AB reported a denial of service flaw in the acpid daemon's error handling. If an attacker could exhaust the sockets open to acpid, the daemon would enter an infinite loop, consuming most CPU resources and preventing acpid from communicating with legitimate processes. (CVE-2009-0798) Users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 38903
    published 2009-05-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38903
    title CentOS 3 / 4 / 5 : acpid (CESA-2009:0474)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0006_REMOTE.NASL
    description The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities in several third-party components and libraries : - A denial of service vulnerability exists in the ACPI Event Daemon (acpid) that allows a remote attacker to cause a consumption of CPU resources by opening a large number of UNIX sockets without closing them. (CVE-2009-0798) - A security bypass vulnerability exists in Samba in the acl_group_override() function when dos filemode is enabled. A remote attacker can exploit this to modify access control lists for files via vectors related to read access to uninitialized memory. (CVE-2009-1888) - A security bypass vulnerability exists in Samba in the SMB subsystem due to improper handling of errors when resolving pathnames. An authenticated, remote attacker can exploit this to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories. (CVE-2009-2813) - A denial of service vulnerability exists in Samba that allows authenticated, remote attackers to cause an infinite loop via an unanticipated oplock break notification reply packet. (CVE-2009-2906) - An information disclosure vulnerability exists in Samba in mount.cifs due to improper enforcement of permissions. A local attacker can exploit this to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option. (CVE-2009-2948)
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 89738
    published 2016-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89738
    title VMware ESX Third-Party Libraries and Components Multiple Vulnerabilities (VMSA-2010-0006) (remote check)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2009-0008.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2009-0798 The daemon in acpid before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop. - Updated the License entry - Fixed CVE-2009-0798 (too many open files DoS) - Resolves: #496291 - Minor fixes in init script - Resolves: #237752 - Review of init script - Fixed fd leaking - Resolves: #237752 #441686
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 79455
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79455
    title OracleVM 2.1 : acpid (OVMSA-2009-0008)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-0474.NASL
    description From Red Hat Security Advisory 2009:0474 : An updated acpid package that fixes one security issue is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. acpid is a daemon that dispatches ACPI (Advanced Configuration and Power Interface) events to user-space programs. Anthony de Almeida Lopes of Outpost24 AB reported a denial of service flaw in the acpid daemon's error handling. If an attacker could exhaust the sockets open to acpid, the daemon would enter an infinite loop, consuming most CPU resources and preventing acpid from communicating with legitimate processes. (CVE-2009-0798) Users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 67855
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67855
    title Oracle Linux 3 / 4 / 5 : acpid (ELSA-2009-0474)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1786.NASL
    description It was discovered that acpid, a daemon for delivering ACPI events, is prone to a denial of service attack by opening a large number of UNIX sockets, which are not closed properly.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 38667
    published 2009-05-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38667
    title Debian DSA-1786-1 : acpid - denial of service
oval via4
  • accepted 2014-01-20T04:01:36.025-05:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    comment VMware ESX Server 4.0 is installed
    oval oval:org.mitre.oval:def:6293
    description ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.
    family unix
    id oval:org.mitre.oval:def:7560
    status accepted
    submitted 2010-04-01T16:51:44.000-04:00
    title ACPI Event Daemon (acpid) DOS vulnerability
    version 8
  • accepted 2013-04-29T04:23:37.116-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.
    family unix
    id oval:org.mitre.oval:def:9955
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.
    version 24
redhat via4
advisories
bugzilla
id 494443
title CVE-2009-0798 acpid: too many open files DoS
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • comment acpid is earlier than 0:1.0.2-4
      oval oval:com.redhat.rhsa:tst:20090474002
    • comment acpid is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20090474003
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • comment acpid is earlier than 0:1.0.3-2.el4_7.1
      oval oval:com.redhat.rhsa:tst:20090474005
    • comment acpid is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20090474003
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • comment acpid is earlier than 0:1.0.4-7.el5_3.1
      oval oval:com.redhat.rhsa:tst:20090474007
    • comment acpid is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20090474008
rhsa
id RHSA-2009:0474
released 2009-05-07
severity Moderate
title RHSA-2009:0474: acpid security update (Moderate)
rpms
  • acpid-0:1.0.2-4
  • acpid-0:1.0.3-2.el4_7.1
  • acpid-0:1.0.4-7.el5_3.1
refmap via4
bid 34692
confirm
debian DSA-1786
fedora
  • FEDORA-2009-5578
  • FEDORA-2009-5608
gentoo GLSA-200905-06
mandriva MDVSA-2009:107
sectrack 1022182
secunia
  • 34838
  • 34914
  • 34918
  • 35010
  • 35209
  • 35231
ubuntu USN-766-1
xf acpid-socket-dos(50060)
Last major update 21-08-2010 - 01:30
Published 24-04-2009 - 11:30
Last modified 28-09-2017 - 21:34
Back to Top