Vigil@nce: acpid, denial of service
May 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A local attacker can connect several times to the socket of the
acpid daemon in order to force it into an infinite loop.
Severity: 1/4
Consequences: denial of service
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 07/05/2009
IMPACTED PRODUCTS
– Debian Linux
– Mandriva Corporate
– Mandriva Linux
– Mandriva Multi Network Firewall
– Red Hat Enterprise Linux
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The acpid daemon implements ACPI (Advanced Configuration and Power
Interface) for Linux, which is used to reduce power consumption.
This daemon uses a Unix socket named /var/run/acpid.socket. Local
applications can connect to this socket to obtain ACPI events.
However, the acpid daemon does not limit the number of clients.
When the maximum number of sessions that a process can open is
reached, acpid cannot obtain a new session and enters an infinite
loop trying to obtain a free session.
A local attacker can therefore connect several times to the socket
of the acpid daemon in order to force it into an infinite loop.
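The missing client limit described above, shown from the server side as a bounded accept routine. This is an added example, not acpid's code or its patch; admit_one, demo, MAX_CLIENTS and the /tmp socket path are hypothetical names, and the connections are constructed in-process.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#define MAX_CLIENTS 4   /* assumed cap; must sit well below the per-process limit */

static int clients[MAX_CLIENTS];
static int nclients;

/* Handle one pending connection: 1 = admitted, 0 = refused, -1 = accept failed. */
int admit_one(int lfd)
{
    int fd = accept(lfd, NULL, NULL);
    if (fd < 0)
        return -1;      /* caller must pause the listener, not retry in a tight loop */
    if (nclients >= MAX_CLIENTS) {
        close(fd);      /* table full: drop it so the backlog keeps draining */
        return 0;
    }
    clients[nclients++] = fd;
    return 1;
}

/* Constructed demo: one process plays both sides over a private socket path. */
int demo(int attempts)
{
    struct sockaddr_un a = { .sun_family = AF_UNIX };
    int lfd = socket(AF_UNIX, SOCK_STREAM, 0), admitted = 0;

    snprintf(a.sun_path, sizeof a.sun_path, "/tmp/cap-demo-%d.sock", (int)getpid());
    unlink(a.sun_path);
    if (lfd < 0 || bind(lfd, (struct sockaddr *)&a, sizeof a) || listen(lfd, 16))
        return -1;
    for (int i = 0; i < attempts; i++) {
        int c = socket(AF_UNIX, SOCK_STREAM, 0);  /* client stays connected */
        if (c < 0 || connect(c, (struct sockaddr *)&a, sizeof a))
            return -1;
        if (admit_one(lfd) == 1)
            admitted++;
    }
    unlink(a.sun_path);
    return admitted;
}

int main(void)
{
    printf("admitted %d of 10 connections\n", demo(10));
    return 0;
}
```

Because the cap is reached before the process runs out of sessions, accept() keeps succeeding and each excess connection is closed at once, so the listener never has a pending connection it cannot service.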
CHARACTERISTICS
Identifiers: BID-34692, CVE-2009-0798, DSA 1786-1, MDVSA-2009:107,
RHSA-2009:0474-01, VIGILANCE-VUL-8696
http://vigilance.fr/vulnerability/acpid-denial-of-service-8696