Vulnerabilities > CVE-2009-0798 - Resource Management Errors vulnerability in TIM Hockin Acpid

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
tim-hockin
CWE-399
nessus

Summary

ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2010-0006.NASL
    descriptiona. Service Console update for samba to 3.0.33-3.15.el5_4.1 This update changes the samba packages to samba-client-3.0.33-3.15.el5_4.1 and samba-common-3.0.33-3.15.el5_4.1. These versions include fixes for security issues that were first fixed in samba-client-3.0.33-0.18.el4_8 and samba-common-3.0.33-0.18.el4_8. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-2906, CVE-2009-1888,CVE-2009-2813 and CVE-2009-2948 to these issues. b. Service Console update for acpid to1.0.4-9.el5_4.2 This updates changes the the acpid package to acpid-1.0.4-9.el5_4.2. This version includes the fix for a security issue that was first fixed in acpid-1.0.4-7.el5_4.1. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0798 to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id45402
    published2010-04-02
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45402
    titleVMSA-2010-0006 : ESX Service Console updates for samba and acpid
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from VMware Security Advisory 2010-0006. 
    # The text itself is copyright (C) VMware Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(45402);
      script_version("1.19");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      script_cve_id("CVE-2009-0798", "CVE-2009-1888", "CVE-2009-2813", "CVE-2009-2906", "CVE-2009-2948");
      script_bugtraq_id(34692, 36363, 36572, 36573);
      script_xref(name:"VMSA", value:"2010-0006");
    
      script_name(english:"VMSA-2010-0006 : ESX Service Console updates for samba and acpid");
      script_summary(english:"Checks esxupdate output for the patches");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote VMware ESX host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "a. Service Console update for samba to 3.0.33-3.15.el5_4.1
    
       This update changes the samba packages to
       samba-client-3.0.33-3.15.el5_4.1 and
       samba-common-3.0.33-3.15.el5_4.1. These versions include fixes for
       security issues that were first fixed in
       samba-client-3.0.33-0.18.el4_8 and samba-common-3.0.33-0.18.el4_8.
        
       The Common Vulnerabilities and Exposures Project (cve.mitre.org)
       has assigned the names CVE-2009-2906, CVE-2009-1888,CVE-2009-2813
       and CVE-2009-2948 to these issues.
    
    b. Service Console update for acpid to1.0.4-9.el5_4.2
    
       This updates changes the the acpid package to acpid-1.0.4-9.el5_4.2.
       This version includes the fix for a security issue that was first
       fixed in acpid-1.0.4-7.el5_4.1.  
    
       The Common Vulnerabilities and Exposures Project (cve.mitre.org)
       has assigned the name CVE-2009-0798 to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.vmware.com/pipermail/security-announce/2011/000123.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply the missing patches.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/04/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
      script_family(english:"VMware ESX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
      script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("vmware_esx_packages.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
    if (
      !get_kb_item("Host/VMware/esxcli_software_vibs") &&
      !get_kb_item("Host/VMware/esxupdate")
    ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    init_esx_check(date:"2010-04-01");
    flag = 0;
    
    
    if (
      esx_check(
        ver           : "ESX 4.0.0",
        patch         : "ESX400-201003403-SG",
        patch_updates : make_list("ESX400-Update02", "ESX400-Update03", "ESX400-Update04")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.0.0",
        patch         : "ESX400-201003405-SG",
        patch_updates : make_list("ESX400-201203404-SG", "ESX400-Update02", "ESX400-Update03", "ESX400-Update04")
      )
    ) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:esx_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0474.NASL
    descriptionAn updated acpid package that fixes one security issue is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. acpid is a daemon that dispatches ACPI (Advanced Configuration and Power Interface) events to user-space programs. Anthony de Almeida Lopes of Outpost24 AB reported a denial of service flaw in the acpid daemon
    last seen2020-06-01
    modified2020-06-02
    plugin id38710
    published2009-05-08
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38710
    titleRHEL 3 / 4 / 5 : acpid (RHSA-2009:0474)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:0474. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(38710);
      script_version ("1.25");
      script_cvs_date("Date: 2019/10/25 13:36:14");
    
      script_cve_id("CVE-2009-0798");
      script_bugtraq_id(34692);
      script_xref(name:"RHSA", value:"2009:0474");
    
      script_name(english:"RHEL 3 / 4 / 5 : acpid (RHSA-2009:0474)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated acpid package that fixes one security issue is now
    available for Red Hat Enterprise Linux 2.1, 3, 4, and 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    acpid is a daemon that dispatches ACPI (Advanced Configuration and
    Power Interface) events to user-space programs.
    
    Anthony de Almeida Lopes of Outpost24 AB reported a denial of service
    flaw in the acpid daemon's error handling. If an attacker could
    exhaust the sockets open to acpid, the daemon would enter an infinite
    loop, consuming most CPU resources and preventing acpid from
    communicating with legitimate processes. (CVE-2009-0798)
    
    Users are advised to upgrade to this updated package, which contains a
    backported patch to correct this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-0798"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2009:0474"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected acpid package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:acpid");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/05/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/05/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(2\.1|3|4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x / 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2009:0474";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"acpid-1.0.2-4")) flag++;
    
    
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"acpid-1.0.3-2.el4_7.1")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"acpid-1.0.3-2.el4_7.1")) flag++;
    
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"acpid-1.0.4-7.el5_3.1")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"acpid-1.0.4-7.el5_3.1")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "acpid");
      }
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-766-1.NASL
    descriptionIt was discovered that acpid did not properly handle a large number of connections. A local user could exploit this and monopolize CPU resources, leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id38195
    published2009-04-28
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38195
    titleUbuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : acpid vulnerability (USN-766-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-766-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(38195);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:33:02");
    
      script_cve_id("CVE-2009-0798");
      script_bugtraq_id(34692);
      script_xref(name:"USN", value:"766-1");
    
      script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : acpid vulnerability (USN-766-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that acpid did not properly handle a large number of
    connections. A local user could exploit this and monopolize CPU
    resources, leading to a denial of service.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/766-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected acpid package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:acpid");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/04/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(6\.06|8\.04|8\.10|9\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 8.10 / 9.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"6.06", pkgname:"acpid", pkgver:"1.0.4-1ubuntu11.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"acpid", pkgver:"1.0.4-5ubuntu9.3")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"acpid", pkgver:"1.0.6-9ubuntu4.8.10.2")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"acpid", pkgver:"1.0.6-9ubuntu4.9.04.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "acpid");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-5578.NASL
    descriptionFixed CVE-2009-0798 (too many open files DoS) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id38941
    published2009-05-28
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38941
    titleFedora 10 : acpid-1.0.6-11.fc10 (2009-5578)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2009-5578.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(38941);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:30");
    
      script_cve_id("CVE-2009-0798");
      script_bugtraq_id(34692);
      script_xref(name:"FEDORA", value:"2009-5578");
    
      script_name(english:"Fedora 10 : acpid-1.0.6-11.fc10 (2009-5578)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fixed CVE-2009-0798 (too many open files DoS)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=502583"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-May/024243.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?82f162c3"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected acpid package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:acpid");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/05/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/05/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^10([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 10.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC10", reference:"acpid-1.0.6-11.fc10")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "acpid");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2009-0037.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Resolves: #515062 CVE-2009-4033 acpid: log file created with random permissions - start acpid before hal - Resolves: #503177 - Updated the License entry - Fixed CVE-2009-0798 (too many open files DoS) - Resolves: #496292
    last seen2020-06-01
    modified2020-06-02
    plugin id79472
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79472
    titleOracleVM 2.2 : acpid (OVMSA-2009-0037)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2009-0037.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79472);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:06");
    
      script_cve_id("CVE-2009-0798", "CVE-2009-4033");
      script_bugtraq_id(34692);
      script_xref(name:"IAVA", value:"2009-A-0135");
    
      script_name(english:"OracleVM 2.2 : acpid (OVMSA-2009-0037)");
      script_summary(english:"Checks the RPM output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates :
    
      - Resolves: #515062 CVE-2009-4033 acpid: log file created
        with random permissions
    
      - start acpid before hal
    
      - Resolves: #503177
    
      - Updated the License entry
    
      - Fixed CVE-2009-0798 (too many open files DoS)
    
      - Resolves: #496292"
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2010-January/000045.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?be7007b9"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected acpid package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:acpid");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:2.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/01/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "2\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 2.2", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS2.2", reference:"acpid-1.0.4-9.el5_4.1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "acpid");
    }
    
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2010-0006_REMOTE.NASL
    descriptionThe remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities in several third-party components and libraries : - A denial of service vulnerability exists in the ACPI Event Daemon (acpid) that allows a remote attacker to cause a consumption of CPU resources by opening a large number of UNIX sockets without closing them. (CVE-2009-0798) - A security bypass vulnerability exists in Samba in the acl_group_override() function when dos filemode is enabled. A remote attacker can exploit this to modify access control lists for files via vectors related to read access to uninitialized memory. (CVE-2009-1888) - A security bypass vulnerability exists in Samba in the SMB subsystem due to improper handling of errors when resolving pathnames. An authenticated, remote attacker can exploit this to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories. (CVE-2009-2813) - A denial of service vulnerability exists in Samba that allows authenticated, remote attackers to cause an infinite loop via an unanticipated oplock break notification reply packet. (CVE-2009-2906) - An information disclosure vulnerability exists in Samba in mount.cifs due to improper enforcement of permissions. A local attacker can exploit this to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option. (CVE-2009-2948)
    last seen2020-06-01
    modified2020-06-02
    plugin id89738
    published2016-03-08
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89738
    titleVMware ESX Third-Party Libraries and Components Multiple Vulnerabilities (VMSA-2010-0006) (remote check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89738);
      script_version("1.4");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      script_cve_id(
        "CVE-2009-0798",
        "CVE-2009-1888",
        "CVE-2009-2813",
        "CVE-2009-2906",
        "CVE-2009-2948"
      );
      script_bugtraq_id(
        34692,
        36363,
        36572,
        36573
      );
      script_xref(name:"VMSA", value:"2010-0006");
    
      script_name(english:"VMware ESX Third-Party Libraries and Components Multiple Vulnerabilities (VMSA-2010-0006) (remote check)");
      script_summary(english:"Checks the ESX / ESXi version and build number.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESX host is missing a security-related patch.");
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESX host is missing a security-related patch. It is,
    therefore, affected by multiple vulnerabilities in several third-party
    components and libraries :
    
      - A denial of service vulnerability exists in the ACPI
        Event Daemon (acpid) that allows a remote attacker to
        cause a consumption of CPU resources by opening a large
        number of UNIX sockets without closing them.
        (CVE-2009-0798)
    
      - A security bypass vulnerability exists in Samba in the
        acl_group_override() function when dos filemode is
        enabled. A remote attacker can exploit this to modify
        access control lists for files via vectors related to
        read access to uninitialized memory. (CVE-2009-1888)
    
      - A security bypass vulnerability exists in Samba in the
        SMB subsystem due to improper handling of errors when
        resolving pathnames. An authenticated, remote attacker
        can exploit this to bypass intended sharing
        restrictions, and read, create, or modify files, in
        certain circumstances involving user accounts that lack
        home directories. (CVE-2009-2813)
    
      - A denial of service vulnerability exists in Samba that
        allows authenticated, remote attackers to cause an
        infinite loop via an unanticipated oplock break
        notification reply packet. (CVE-2009-2906)
    
      - An information disclosure vulnerability exists in Samba
        in mount.cifs due to improper enforcement of
        permissions. A local attacker can exploit this to read
        part of the credentials file and obtain the password by
        specifying the path to the credentials file and using
        the --verbose or -v option. (CVE-2009-2948)");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2010-0006");
      script_set_attribute(attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2011/000123.html");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the vendor advisory that
    pertains to ESX version 4.0.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
      script_family(english:"VMware ESX Local Security Checks");
    
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
      script_require_ports("Host/VMware/vsphere");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    ver = get_kb_item_or_exit("Host/VMware/version");
    rel = get_kb_item_or_exit("Host/VMware/release");
    port = get_kb_item_or_exit("Host/VMware/vsphere");
    esx = '';
    
    if ("ESX" >!< rel)
      audit(AUDIT_OS_NOT, "VMware ESX/ESXi");
    
    extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver);
    if (isnull(extract))
      audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi");
    else
    {
      esx = extract[1];
      ver = extract[2];
    }
    
    # fixed build numbers are the same for ESX and ESXi
    fixes = make_array(
              "4.0", "244038"
            );
    
    fix = FALSE;
    fix = fixes[ver];
    
    # get the build before checking the fix for the most complete audit trail
    extract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);
    if (isnull(extract))
      audit(AUDIT_UNKNOWN_BUILD, "VMware " + esx, ver);
    
    build = int(extract[1]);
    
    # if there is no fix in the array, fix is FALSE
    if (!fix)
      audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);
    
    if (build < fix)
    {
    
      report = '\n  Version         : ' + esx + " " + ver +
               '\n  Installed build : ' + build +
               '\n  Fixed build     : ' + fix +
               '\n';
      security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);
      exit(0);
    }
    else
      audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090507_ACPID_ON_SL3_X.NASL
    descriptionAnthony de Almeida Lopes of Outpost24 AB reported a denial of service flaw in the acpid daemon
    last seen2020-06-01
    modified2020-06-02
    plugin id60580
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60580
    titleScientific Linux Security Update : acpid on SL3.x, SL4.x, SL5.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60580);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:18");
    
      script_cve_id("CVE-2009-0798");
    
      script_name(english:"Scientific Linux Security Update : acpid on SL3.x, SL4.x, SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Scientific Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Anthony de Almeida Lopes of Outpost24 AB reported a denial of service
    flaw in the acpid daemon's error handling. If an attacker could
    exhaust the sockets open to acpid, the daemon would enter an infinite
    loop, consuming most CPU resources and preventing acpid from
    communicating with legitimate processes. (CVE-2009-0798)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0905&L=scientific-linux-errata&T=0&P=664
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ecada4c5"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected acpid package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/05/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL3", cpu:"x86_64", reference:"acpid-1.0.2-4")) flag++;
    
    if (rpm_check(release:"SL4", reference:"acpid-1.0.3-2.el4_7.1")) flag++;
    
    if (rpm_check(release:"SL5", reference:"acpid-1.0.4-7.el5_3.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2009-0008.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : CVE-2009-0798 The daemon in acpid before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop. - Updated the License entry - Fixed CVE-2009-0798 (too many open files DoS) - Resolves: #496291 - Minor fixes in init script - Resolves: #237752 - Review of init script - Fixed fd leaking - Resolves: #237752 #441686
    last seen2020-06-01
    modified2020-06-02
    plugin id79455
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79455
    titleOracleVM 2.1 : acpid (OVMSA-2009-0008)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-107.NASL
    descriptionThe daemon in acpid before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop (CVE-2009-0798). The updated packages have been patched to prevent this. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen2020-06-01
    modified2020-06-02
    plugin id38707
    published2009-05-08
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38707
    titleMandriva Linux Security Advisory : acpid (MDVSA-2009:107-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-0474.NASL
    descriptionAn updated acpid package that fixes one security issue is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. acpid is a daemon that dispatches ACPI (Advanced Configuration and Power Interface) events to user-space programs. Anthony de Almeida Lopes of Outpost24 AB reported a denial of service flaw in the acpid daemon
    last seen2020-06-01
    modified2020-06-02
    plugin id38903
    published2009-05-26
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38903
    titleCentOS 3 / 4 / 5 : acpid (CESA-2009:0474)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200905-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200905-06 (acpid: Denial of Service) The acpid daemon allows opening a large number of UNIX sockets without closing them, triggering an infinite loop. Impact : Remote attackers can cause a Denial of Service (CPU consumption and connectivity loss). Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id38887
    published2009-05-26
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38887
    titleGLSA-200905-06 : acpid: Denial of Service
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-0474.NASL
    descriptionFrom Red Hat Security Advisory 2009:0474 : An updated acpid package that fixes one security issue is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. acpid is a daemon that dispatches ACPI (Advanced Configuration and Power Interface) events to user-space programs. Anthony de Almeida Lopes of Outpost24 AB reported a denial of service flaw in the acpid daemon
    last seen2020-06-01
    modified2020-06-02
    plugin id67855
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67855
    titleOracle Linux 3 / 4 / 5 : acpid (ELSA-2009-0474)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1786.NASL
    descriptionIt was discovered that acpid, a daemon for delivering ACPI events, is prone to a denial of service attack by opening a large number of UNIX sockets, which are not closed properly.
    last seen2020-06-01
    modified2020-06-02
    plugin id38667
    published2009-05-04
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38667
    titleDebian DSA-1786-1 : acpid - denial of service
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-5608.NASL
    descriptionFixed CVE-2009-0798 (too many open files DoS) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id38942
    published2009-05-28
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38942
    titleFedora 9 : acpid-1.0.6-8.fc9 (2009-5608)

Oval

  • accepted2014-01-20T04:01:36.025-05:00
    classvulnerability
    contributors
    • namePai Peng
      organizationHewlett-Packard
    • nameChris Coffin
      organizationThe MITRE Corporation
    definition_extensions
    commentVMware ESX Server 4.0 is installed
    ovaloval:org.mitre.oval:def:6293
    descriptionACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.
    familyunix
    idoval:org.mitre.oval:def:7560
    statusaccepted
    submitted2010-04-01T16:51:44.000-04:00
    titleACPI Event Daemon (acpid) DOS vulnerability
    version8
  • accepted2013-04-29T04:23:37.116-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.
    familyunix
    idoval:org.mitre.oval:def:9955
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.
    version27

Redhat

advisories
bugzilla
id494443
titleCVE-2009-0798 acpid: too many open files DoS
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • commentacpid is earlier than 0:1.0.3-2.el4_7.1
      ovaloval:com.redhat.rhsa:tst:20090474001
    • commentacpid is signed with Red Hat master key
      ovaloval:com.redhat.rhsa:tst:20090474002
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • commentacpid is earlier than 0:1.0.4-7.el5_3.1
      ovaloval:com.redhat.rhsa:tst:20090474004
    • commentacpid is signed with Red Hat redhatrelease key
      ovaloval:com.redhat.rhsa:tst:20090474005
rhsa
idRHSA-2009:0474
released2009-05-07
severityModerate
titleRHSA-2009:0474: acpid security update (Moderate)
rpms
  • acpid-0:1.0.1-3
  • acpid-0:1.0.2-4
  • acpid-0:1.0.3-2.el4_7.1
  • acpid-0:1.0.4-7.el5_3.1
  • acpid-debuginfo-0:1.0.2-4
  • acpid-debuginfo-0:1.0.3-2.el4_7.1
  • acpid-debuginfo-0:1.0.4-7.el5_3.1

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 34692 CVE(CAN) ID: CVE-2009-0798 ACPID是一个灵活、可扩展的ACPI事件递送守护程序。 acpid守护程序处理出错情况的方式存在错误,即使已经关闭了套接字的另一端,也可以通过强制不关闭开放的UNIX套接字导致守护程序陷入死循环,耗尽大量CPU资源并妨碍合法进程与acpid的通讯。 acpid acpid 1.0.8 acpid acpid 1.0.3 acpid acpid 1.0.1 acpid ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://sourceforge.net/project/downloading.php?group_id=33140&amp;filename=acpid-1.0.10.tar.gz&amp;a=32826711 target=_blank rel=external nofollow>http://sourceforge.net/project/downloading.php?group_id=33140&amp;filename=acpid-1.0.10.tar.gz&amp;a=32826711</a>
idSSV:5115
last seen2017-11-19
modified2009-04-28
published2009-04-28
reporterRoot
titleacpid套接字耗尽本地拒绝服务漏洞