Vulnerability CVE-2009-0798

Vulnerability Name:

CVE-2009-0798 (CCN-50060)

Assigned:

2009-04-21

Published:

2009-04-21

Updated:

2017-09-29

Summary:

ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

2.1 Low (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-399

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: SourceForge.net
acpid - the ACPI event daemon

Source: MITRE
Type: CNA
CVE-2009-0798

Source: CCN
Type: VMSA-2010-0006
ESX Service Console updates for samba and acpid

Source: CCN
Type: RHSA-2009-0474
Moderate: acpid security update

Source: CCN
Type: SA34838
acpid Socket Exhaustion Denial of Service Vulnerability

Source: SECUNIA
Type: Vendor Advisory
34838

Source: SECUNIA
Type: UNKNOWN
34914

Source: SECUNIA
Type: UNKNOWN
34918

Source: SECUNIA
Type: UNKNOWN
35010

Source: SECUNIA
Type: UNKNOWN
35209

Source: SECUNIA
Type: UNKNOWN
35231

Source: CCN
Type: SA39147
VMware ESX Server 4 Update for samba and acpid

Source: CCN
Type: SA39162
VMware vMA Samba and acpid Multiple Vulnerabilities

Source: CCN
Type: SA39218
VMware ESX Server Samba Multiple Vulnerabilities

Source: CCN
Type: SECTRACK ID: 1022182
acpid Socket Processing Bug Lets Remote Users Deny Service

Source: CCN
Type: ASA-2009-165
acpid security update (RHSA-2009-0474)

Source: DEBIAN
Type: UNKNOWN
DSA-1786

Source: DEBIAN
Type: DSA-1786
acpid -- denial of service

Source: CCN
Type: GLSA-200905-06
acpid: Denial of Service

Source: GENTOO
Type: UNKNOWN
GLSA-200905-06

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:107

Source: REDHAT
Type: UNKNOWN
RHSA-2009:0474

Source: BID
Type: UNKNOWN
34692

Source: CCN
Type: BID-34692
acpid Local Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1022182

Source: CCN
Type: USN-766-1
acpid vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-766-1

Source: CCN
Type: Red Hat Bugzilla Bug 494443
CVE-2009-0798 acpid: too many open files DoS

Source: CONFIRM
Type: Patch
https://bugzilla.redhat.com/show_bug.cgi?id=494443

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=502583

Source: XF
Type: UNKNOWN
acpid-socket-dos(50060)

Source: XF
Type: UNKNOWN
acpid-socket-dos(50060)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:7560

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9955

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-5578

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-5608

Vulnerable Configuration:

Configuration 1:

cpe:/a:tim_hockin:acpid:0.99.0:*:*:*:*:*:*:*

OR cpe:/a:tim_hockin:acpid:0.99.1:*:*:*:*:*:*:*

OR cpe:/a:tim_hockin:acpid:0.99.4:*:*:*:*:*:*:*

OR cpe:/a:tim_hockin:acpid:1.0.0:*:*:*:*:*:*:*

OR cpe:/a:tim_hockin:acpid:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:tim_hockin:acpid:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:tim_hockin:acpid:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:tim_hockin:acpid:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:tim_hockin:acpid:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:tim_hockin:acpid:*:*:*:*:*:*:*:* (Version <= 1.0.8)

OR cpe:/a:tim_hockin:acpid:20010510:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20090798	V	CVE-2009-0798	2022-05-20
oval:org.opensuse.security:def:42267	P	Security update for dnsmasq (Important)	2022-04-22
oval:org.opensuse.security:def:26186	P	Security update for libqt4 (Important)	2021-12-22
oval:org.opensuse.security:def:31327	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:31328	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:33042	P	Security update for MozillaFirefox (Important)	2021-11-17
oval:org.opensuse.security:def:32211	P	Security update for transfig (Important)	2021-10-29
oval:org.opensuse.security:def:31694	P	Security update for util-linux (Moderate)	2021-10-19
oval:org.opensuse.security:def:26142	P	Security update for apache2 (Important)	2021-10-06
oval:org.opensuse.security:def:26128	P	Security update for postgresql13 (Moderate)	2021-09-16
oval:org.opensuse.security:def:33003	P	Security update for postgresql13 (Moderate)	2021-09-16
oval:org.opensuse.security:def:32155	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-07-27
oval:org.opensuse.security:def:32147	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:26089	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:31637	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:42486	P	acpid-1.0.6-91.25.20 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36079	P	acpid-1.0.6-91.25.20 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31631	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:32103	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:42072	P	Recommended update for grub2 (Moderate)	2021-05-19
oval:org.opensuse.security:def:26040	P	Security update for gdm (Important)	2021-04-28
oval:org.opensuse.security:def:32081	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:31145	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:31743	P	Security update for python (Moderate)	2021-03-16
oval:org.opensuse.security:def:26205	P	Security update for openssl-1_0_0 (Moderate)	2021-03-08
oval:org.opensuse.security:def:31351	P	Security update for grub2 (Important)	2021-03-02
oval:org.opensuse.security:def:32260	P	Security update for java-1_7_1-ibm (Important)	2021-02-18
oval:org.opensuse.security:def:31339	P	Security update for the Linux Kernel (Important)	2021-02-12
oval:org.opensuse.security:def:31219	P	Security update for openssh (Moderate)	2021-01-05
oval:org.opensuse.security:def:26054	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:32824	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:25970	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:35665	P	acpid-1.0.6-91.16.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35860	P	acpid-1.0.6-91.25.20 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:31557	P	Security update for python-setuptools (Important)	2020-12-02
oval:org.opensuse.security:def:31546	P	Security update for sane-backends (Moderate)	2020-12-01
oval:org.opensuse.security:def:25752	P	Security update for libreoffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:31887	P	Security update for emacs (Important)	2020-12-01
oval:org.opensuse.security:def:25501	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:26307	P	Security update for conntrack-tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:31413	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:32591	P	pam_mount on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25793	P	Security update for icedtea-web (Moderate)	2020-12-01
oval:org.opensuse.security:def:26404	P	Security update for irssi (Moderate)	2020-12-01
oval:org.opensuse.security:def:25629	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:31912	P	Security update for gcc43 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25410	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25934	P	Security update for the Linux kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25832	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26859	P	acpid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25486	P	Security update for openssl-1_1 (Important)	2020-12-01
oval:org.opensuse.security:def:31937	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:26630	P	perl-spamassassin on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25228	P	Security update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:31587	P	Security update for tcpdump (Important)	2020-12-01
oval:org.opensuse.security:def:32321	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:31545	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:25695	P	Security update for gcc9 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31848	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:26258	P	Security update for openconnect (Moderate)	2020-12-01
oval:org.opensuse.security:def:32785	P	squid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25987	P	Security update for the Linux Kernel (Critical)	2020-12-01
oval:org.opensuse.security:def:31953	P	Security update for gstreamer-0_10-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:31134	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:25642	P	Security update for blktrace (Low)	2020-12-01
oval:org.opensuse.security:def:26360	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:25628	P	Security update for dpdk (Critical)	2020-12-01
oval:org.opensuse.security:def:31855	P	Security update for crash (Low)	2020-12-01
oval:org.opensuse.security:def:25895	P	Security update for pcsc-lite (Moderate)	2020-12-01
oval:org.opensuse.security:def:27077	P	acpid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25704	P	Security update for ppp (Important)	2020-12-01
oval:org.opensuse.security:def:26824	P	sudo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25422	P	Security update for postgresql10 (Important)	2020-12-01
oval:org.opensuse.security:def:31781	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25992	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:25217	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:31500	P	Security update for python-paramiko (Moderate)	2020-12-01
oval:org.opensuse.security:def:32299	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25913	P	Security update for tcpdump, libpcap (Moderate)	2020-12-01
oval:org.opensuse.security:def:32042	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25420	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31799	P	Security update for SDL (Moderate)	2020-12-01
oval:org.opensuse.security:def:25836	P	Security update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:31909	P	Security update for freetype2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31133	P	Security update for kvm (Moderate)	2020-12-01
oval:org.opensuse.security:def:25558	P	Security update for systemd (Moderate)	2020-12-01
oval:org.opensuse.security:def:26346	P	Security update for irssi (Moderate)	2020-12-01
oval:org.opensuse.security:def:31763	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32630	P	acpid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25846	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:27042	P	taglib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25640	P	Security update for libqt5-qtsvg (Moderate)	2020-12-01
oval:org.opensuse.security:def:31999	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:25411	P	Security update for u-boot (Important)	2020-12-01
oval:org.opensuse.security:def:25948	P	Security update for libraw (Moderate)	2020-12-01
oval:org.opensuse.security:def:25216	P	Security update for permissions (Moderate)	2020-12-01
oval:org.opensuse.security:def:31443	P	Security update for policycoreutils (Moderate)	2020-12-01
oval:org.opensuse.security:def:25614	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:31993	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:26665	P	acpid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25292	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:32365	P	Security update for supportutils (Moderate)	2020-12-01
oval:org.mitre.oval:def:28838	P	RHSA-2009:0474 -- acpid security update (Moderate)	2015-08-17
oval:org.mitre.oval:def:13300	P	USN-766-1 -- acpid vulnerability	2014-07-07
oval:org.mitre.oval:def:13342	P	DSA-1786-1 acpid -- denial of service	2014-06-23
oval:org.mitre.oval:def:8089	P	DSA-1786 acpid -- denial of service	2014-06-23
oval:org.mitre.oval:def:22884	P	ELSA-2009:0474: acpid security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:7560	V	ACPI Event Daemon (acpid) DOS vulnerability	2014-01-20
oval:org.mitre.oval:def:9955	V	ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.	2013-04-29
oval:com.redhat.rhsa:def:20090474	P	RHSA-2009:0474: acpid security update (Moderate)	2009-05-07
oval:org.debian:def:1786	V	denial of service	2009-05-02

BACK