CVE-2009-0798
published 2009-04-24CVE-2009-0798: ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number…
PriorityP420medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
2.31%
81.2th percentile
ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | acpid | < acpid 1.0.10-1 (bookworm) | acpid 1.0.10-1 (bookworm) |
| tim_hockin | acpid | <= 1.0.8 | — |
| tim_hockin | acpid | — | — |
| tim_hockin | acpid | — | — |
| tim_hockin | acpid | — | — |
| tim_hockin | acpid | — | — |
| tim_hockin | acpid | — | — |
| tim_hockin | acpid | — | — |
| tim_hockin | acpid | — | — |
| tim_hockin | acpid | — | — |
| tim_hockin | acpid | — | — |
| tim_hockin | acpid | — | — |
| tim_hockin | acpid | >= 0 < 1.0.10-1 | 1.0.10-1 |
| tim_hockin | acpid | >= 0 < 1.0.10-1 | 1.0.10-1 |
| tim_hockin | acpid | >= 0 < 1.0.10-1 | 1.0.10-1 |
| tim_hockin | acpid | >= 0 < 1.0.10-1 | 1.0.10-1 |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0MEDIUM
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
acpid vulnerability
vendor_ubuntu·2009-04-27
CVE-2009-0798 acpid vulnerability
Title: acpid vulnerability
Summary: acpid vulnerability
It was discovered that acpid did not properly handle a large number of
connections. A local user could exploit this and monopolize CPU resources,
leading to a denial of service.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
acpid: too many open files DoS
vendor_redhat·2009-04-21·CVSS 5.0
CVE-2009-0798 [MEDIUM] acpid: too many open files DoS
acpid: too many open files DoS
ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.
Debian
CVE-2009-0798: acpid - ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denia...
vendor_debian·2009·CVSS 5.0
CVE-2009-0798 [MEDIUM] CVE-2009-0798: acpid - ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denia...
ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.
Scope: local
bookworm: resolved (fixed in 1.0.10-1)
bullseye: resolved (fixed in 1.0.10-1)
forky: resolved (fixed in 1.0.10-1)
sid: resolved (fixed in 1.0.10-1)
trixie: resolved (fixed in 1.0.10-1)
GHSA
GHSA-6hf5-95q4-x9mh: ACPI Event Daemon (acpid) before 1
ghsa_unreviewed·2022-05-02
CVE-2009-0798 [MEDIUM] GHSA-6hf5-95q4-x9mh: ACPI Event Daemon (acpid) before 1
ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.
OSV
CVE-2009-0798: ACPI Event Daemon (acpid) before 1
osv·2009-04-24·CVSS 5.0
CVE-2009-0798 [MEDIUM] CVE-2009-0798: ACPI Event Daemon (acpid) before 1
ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2009-0798 acpid: too many open files DoS
bugzilla·2009-05-26·CVSS 5.0
CVE-2009-0798 [MEDIUM] CVE-2009-0798 acpid: too many open files DoS
CVE-2009-0798 acpid: too many open files DoS
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in all affected branches.
For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in "Blocks" field.
bug #494443: CVE-2009-0798 acpid: too many open files DoS
When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available and only close this bug once all affected Fedora versions are fixed.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=494443
Discussion:
Issue is already
Bugzilla
CVE-2009-0798 acpid: too many open files DoS
bugzilla·2009-04-06·CVSS 5.0
CVE-2009-0798 [MEDIUM] CVE-2009-0798 acpid: too many open files DoS
CVE-2009-0798 acpid: too many open files DoS
A flaw in how the acpid daemon handles error conditions can force the daemon into an infinite loop by not closing open UNIX sockets, even if the other end of the socket is closed. If an attacker were to exhaust the number of available sockets open to acpid, too many files would be open and the daemon will enter an infinite loop, consuming a large amount of CPU and blocking legitimate processes from communicating with acpid.
Discussion:
Created attachment 338766
original upstream patch that fixes the issue
---
Embargo is lifted.
---
Upstream has released 1.0.10 which contains the fix for this issue.
---
Created attachment 340826
upstream patch used for 1.1.10 to fix CVE-2009-0798
The patch is slightly different from upstream than what t
http://secunia.com/advisories/34838http://secunia.com/advisories/34914http://secunia.com/advisories/34918http://secunia.com/advisories/35010http://secunia.com/advisories/35209http://secunia.com/advisories/35231http://www.debian.org/security/2009/dsa-1786http://www.gentoo.org/security/en/glsa/glsa-200905-06.xmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:107http://www.redhat.com/support/errata/RHSA-2009-0474.htmlhttp://www.securityfocus.com/bid/34692http://www.securitytracker.com/id?1022182http://www.ubuntu.com/usn/USN-766-1https://bugzilla.redhat.com/show_bug.cgi?id=494443https://bugzilla.redhat.com/show_bug.cgi?id=502583https://exchange.xforce.ibmcloud.com/vulnerabilities/50060https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7560https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9955https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01342.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg01365.htmlhttp://secunia.com/advisories/34838http://secunia.com/advisories/34914http://secunia.com/advisories/34918http://secunia.com/advisories/35010http://secunia.com/advisories/35209http://secunia.com/advisories/35231http://www.debian.org/security/2009/dsa-1786http://www.gentoo.org/security/en/glsa/glsa-200905-06.xmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:107http://www.redhat.com/support/errata/RHSA-2009-0474.htmlhttp://www.securityfocus.com/bid/34692http://www.securitytracker.com/id?1022182http://www.ubuntu.com/usn/USN-766-1https://bugzilla.redhat.com/show_bug.cgi?id=494443https://bugzilla.redhat.com/show_bug.cgi?id=502583https://exchange.xforce.ibmcloud.com/vulnerabilities/50060https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7560https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9955https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01342.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg01365.html
2009-04-24
Published