Vulnerability Name: CVE-2009-0798 (CCN-50060)

Assigned: 2009-04-21
Published: 2009-04-21
Updated: 2017-09-29
Summary: ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
2.1 Low (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-399
Vulnerability Consequences: Denial of Service
References:
Source: CCN
Type: SourceForge.net
acpid - the ACPI event daemon

Source: MITRE
Type: CNA
CVE-2009-0798

Source: CCN
Type: VMSA-2010-0006
ESX Service Console updates for samba and acpid

Source: CCN
Type: RHSA-2009-0474
Moderate: acpid security update

Source: CCN
Type: SA34838
acpid Socket Exhaustion Denial of Service Vulnerability

Source: SECUNIA
Type: Vendor Advisory
34838

Source: SECUNIA
Type: UNKNOWN
34914

Source: SECUNIA
Type: UNKNOWN
34918

Source: SECUNIA
Type: UNKNOWN
35010

Source: SECUNIA
Type: UNKNOWN
35209

Source: SECUNIA
Type: UNKNOWN
35231

Source: CCN
Type: SA39147
VMware ESX Server 4 Update for samba and acpid

Source: CCN
Type: SA39162
VMware vMA Samba and acpid Multiple Vulnerabilities

Source: CCN
Type: SA39218
VMware ESX Server Samba Multiple Vulnerabilities

Source: CCN
Type: SECTRACK ID: 1022182
acpid Socket Processing Bug Lets Remote Users Deny Service

Source: CCN
Type: ASA-2009-165
acpid security update (RHSA-2009-0474)

Source: DEBIAN
Type: UNKNOWN
DSA-1786

Source: DEBIAN
Type: DSA-1786
acpid -- denial of service

Source: CCN
Type: GLSA-200905-06
acpid: Denial of Service

Source: GENTOO
Type: UNKNOWN
GLSA-200905-06

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:107

Source: REDHAT
Type: UNKNOWN
RHSA-2009:0474

Source: BID
Type: UNKNOWN
34692

Source: CCN
Type: BID-34692
acpid Local Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1022182

Source: CCN
Type: USN-766-1
acpid vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-766-1

Source: CCN
Type: Red Hat Bugzilla Bug 494443
CVE-2009-0798 acpid: too many open files DoS

Source: CONFIRM
Type: Patch
https://bugzilla.redhat.com/show_bug.cgi?id=494443

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=502583

Source: XF
Type: UNKNOWN
acpid-socket-dos(50060)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:7560

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9955

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-5578

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-5608

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:tim_hockin:acpid:0.99.0:*:*:*:*:*:*:*
  • OR cpe:/a:tim_hockin:acpid:0.99.1:*:*:*:*:*:*:*
  • OR cpe:/a:tim_hockin:acpid:0.99.4:*:*:*:*:*:*:*
  • OR cpe:/a:tim_hockin:acpid:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:tim_hockin:acpid:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:tim_hockin:acpid:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:tim_hockin:acpid:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:tim_hockin:acpid:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:tim_hockin:acpid:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:tim_hockin:acpid:*:*:*:*:*:*:*:* (Version <= 1.0.8)
  • OR cpe:/a:tim_hockin:acpid:20010510:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*
* Denotes that component is vulnerable

Oval Definitions

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:20090798 | V | CVE-2009-0798 | 2022-05-20 |
| oval:org.opensuse.security:def:42267 | P | Security update for dnsmasq (Important) | 2022-04-22 |
| oval:org.opensuse.security:def:26186 | P | Security update for libqt4 (Important) | 2021-12-22 |
| oval:org.opensuse.security:def:31327 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important) | 2021-12-14 |
| oval:org.opensuse.security:def:31328 | P | Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important) | 2021-12-14 |
| oval:org.opensuse.security:def:33042 | P | Security update for MozillaFirefox (Important) | 2021-11-17 |
| oval:org.opensuse.security:def:32211 | P | Security update for transfig (Important) | 2021-10-29 |
| oval:org.opensuse.security:def:31694 | P | Security update for util-linux (Moderate) | 2021-10-19 |
| oval:org.opensuse.security:def:26142 | P | Security update for apache2 (Important) | 2021-10-06 |
| oval:org.opensuse.security:def:26128 | P | Security update for postgresql13 (Moderate) | 2021-09-16 |
| oval:org.opensuse.security:def:33003 | P | Security update for postgresql13 (Moderate) | 2021-09-16 |
| oval:org.opensuse.security:def:32155 | P | Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important) | 2021-07-27 |
| oval:org.opensuse.security:def:32147 | P | Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important) | 2021-07-21 |
| oval:org.opensuse.security:def:26089 | P | Security update for MozillaFirefox (Important) | 2021-07-16 |
| oval:org.opensuse.security:def:31637 | P | Security update for ucode-intel (Important) | 2021-06-10 |
| oval:org.opensuse.security:def:42486 | P | acpid-1.0.6-91.25.20 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:36079 | P | acpid-1.0.6-91.25.20 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:31631 | P | Security update for gstreamer-plugins-bad (Important) | 2021-06-07 |
| oval:org.opensuse.security:def:32103 | P | Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important) | 2021-06-04 |
| oval:org.opensuse.security:def:42072 | P | Recommended update for grub2 (Moderate) | 2021-05-19 |
| oval:org.opensuse.security:def:26040 | P | Security update for gdm (Important) | 2021-04-28 |
| oval:org.opensuse.security:def:32081 | P | Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important) | 2021-04-28 |
| oval:org.opensuse.security:def:31145 | P | Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important) | 2021-04-07 |
| oval:org.opensuse.security:def:31743 | P | Security update for python (Moderate) | 2021-03-16 |
| oval:org.opensuse.security:def:26205 | P | Security update for openssl-1_0_0 (Moderate) | 2021-03-08 |
| oval:org.opensuse.security:def:31351 | P | Security update for grub2 (Important) | 2021-03-02 |
| oval:org.opensuse.security:def:32260 | P | Security update for java-1_7_1-ibm (Important) | 2021-02-18 |
| oval:org.opensuse.security:def:31339 | P | Security update for the Linux Kernel (Important) | 2021-02-12 |
| oval:org.opensuse.security:def:31219 | P | Security update for openssh (Moderate) | 2021-01-05 |
| oval:org.opensuse.security:def:26054 | P | Security update for flac (Moderate) | 2021-01-04 |
| oval:org.opensuse.security:def:32824 | P | Security update for xen (Important) | 2020-12-07 |
| oval:org.opensuse.security:def:25970 | P | Security update for gdm (Important) | 2020-12-03 |
| oval:org.opensuse.security:def:35665 | P | acpid-1.0.6-91.16.1 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:35860 | P | acpid-1.0.6-91.25.20 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:31557 | P | Security update for python-setuptools (Important) | 2020-12-02 |
| oval:org.opensuse.security:def:31546 | P | Security update for sane-backends (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25752 | P | Security update for libreoffice (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:31887 | P | Security update for emacs (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:25501 | P | Security update for ghostscript (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:26307 | P | Security update for conntrack-tools (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:31413 | P | Security update for php53 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:32591 | P | pam_mount on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25793 | P | Security update for icedtea-web (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26404 | P | Security update for irssi (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25629 | P | Security update for xen (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:31912 | P | Security update for gcc43 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25410 | P | Security update for java-1_8_0-openjdk (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:25934 | P | Security update for the Linux kernel (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:25832 | P | Security update for flash-player (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:26859 | P | acpid on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25486 | P | Security update for openssl-1_1 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:31937 | P | Security update for glibc (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26630 | P | perl-spamassassin on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25228 | P | Security update for LibreOffice (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:31587 | P | Security update for tcpdump (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:32321 | P | Security update for samba (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:31545 | P | Security update for samba (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:25695 | P | Security update for gcc9 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:31848 | P | Security update for clamav (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26258 | P | Security update for openconnect (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:32785 | P | squid on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25987 | P | Security update for the Linux Kernel (Critical) | 2020-12-01 |
| oval:org.opensuse.security:def:31953 | P | Security update for gstreamer-0_10-plugins-base (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:31134 | P | Security update for kvm (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:25642 | P | Security update for blktrace (Low) | 2020-12-01 |
| oval:org.opensuse.security:def:26360 | P | Security update for MozillaThunderbird (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25628 | P | Security update for dpdk (Critical) | 2020-12-01 |
| oval:org.opensuse.security:def:31855 | P | Security update for crash (Low) | 2020-12-01 |
| oval:org.opensuse.security:def:25895 | P | Security update for pcsc-lite (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27077 | P | acpid on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25704 | P | Security update for ppp (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:26824 | P | sudo on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25422 | P | Security update for postgresql10 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:31781 | P | Security update for MozillaFirefox (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:25992 | P | Security update for webkit2gtk3 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:25217 | P | Security update for openldap2 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:31500 | P | Security update for python-paramiko (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:32299 | P | Security update for python (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25913 | P | Security update for tcpdump, libpcap (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:32042 | P | Security update for krb5 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25420 | P | Security update for krb5 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:31799 | P | Security update for SDL (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25836 | P | Security update for LibreOffice (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:31909 | P | Security update for freetype2 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:31133 | P | Security update for kvm (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25558 | P | Security update for systemd (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26346 | P | Security update for irssi (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:31763 | P | Security update for MozillaFirefox (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:32630 | P | acpid on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25846 | P | Security update for gd (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27042 | P | taglib on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25640 | P | Security update for libqt5-qtsvg (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:31999 | P | Security update for xorg-x11-server (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:25411 | P | Security update for u-boot (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:25948 | P | Security update for libraw (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25216 | P | Security update for permissions (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:31443 | P | Security update for policycoreutils (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25614 | P | Security update for perl-DBI (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:31993 | P | Security update for java-1_7_1-ibm (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26665 | P | acpid on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25292 | P | Security update for libX11 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:32365 | P | Security update for supportutils (Moderate) | 2020-12-01 |
| oval:org.mitre.oval:def:28838 | P | RHSA-2009:0474 -- acpid security update (Moderate) | 2015-08-17 |
| oval:org.mitre.oval:def:13300 | P | USN-766-1 -- acpid vulnerability | 2014-07-07 |
| oval:org.mitre.oval:def:13342 | P | DSA-1786-1 acpid -- denial of service | 2014-06-23 |
| oval:org.mitre.oval:def:8089 | P | DSA-1786 acpid -- denial of service | 2014-06-23 |
| oval:org.mitre.oval:def:22884 | P | ELSA-2009:0474: acpid security update (Moderate) | 2014-05-26 |
| oval:org.mitre.oval:def:7560 | V | ACPI Event Daemon (acpid) DOS vulnerability | 2014-01-20 |
| oval:org.mitre.oval:def:9955 | V | ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop. | 2013-04-29 |
| oval:com.redhat.rhsa:def:20090474 | P | RHSA-2009:0474: acpid security update (Moderate) | 2009-05-07 |
| oval:org.debian:def:1786 | V | denial of service | 2009-05-02 |
    tim_hockin acpid 0.99.0
    tim_hockin acpid 0.99.1
    tim_hockin acpid 0.99.4
    tim_hockin acpid 1.0.0
    tim_hockin acpid 1.0.1
    tim_hockin acpid 1.0.2
    tim_hockin acpid 1.0.3
    tim_hockin acpid 1.0.4
    tim_hockin acpid 1.0.6
    tim_hockin acpid *
    tim_hockin acpid 20010510