Bug 494443 (CVE-2009-0798)

Summary: CVE-2009-0798 acpid: too many open files DoS
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: debbihambrick, jlieskov, jscotka, kreilly, mjc, security-response-team, zprikryl
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0798
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2009-06-16 07:09:13 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Bug Depends On: 496287, 496288, 496289, 496290, 496291, 496292, 502583
Attachments:
  - original upstream patch that fixes the issue (flags: none)
  - upstream patch used for 1.1.10 to fix CVE-2009-0798 (flags: none)

Description Vincent Danen 2009-04-06 21:23:56 UTC
A flaw in how the acpid daemon handles error conditions can force the daemon into an infinite loop by not closing open UNIX sockets, even if the other end of the socket is closed.  If an attacker were to exhaust the number of available sockets open to acpid, too many files would be open and the daemon will enter an infinite loop, consuming a large amount of CPU and blocking legitimate processes from communicating with acpid.
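The two conditions the report describes (a client end that hangs up but whose descriptor the daemon never closes, and accept() failing once the process has no descriptors left) are easy to reproduce in a regression test. The following is an added example written for this page, not acpid's source or the upstream patch; every name in it is hypothetical. service_client() releases the daemon's descriptor as soon as a read returns end-of-file, and accept_client() reports EMFILE/ENFILE as a distinct "exhausted" result so the caller can back off or shed idle clients instead of re-entering its select loop and failing again immediately (on Linux the pending connection stays queued after a failed accept, which is what turns this into a CPU-consuming spin). demo_fd_exhaustion() lowers RLIMIT_NOFILE for the test process and fills the remaining slots with /dev/null to provoke EMFILE in-process.

```c
/* Added example for this bug report; not acpid's own code nor the fix patch. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

enum client_status { CLIENT_ACTIVE, CLIENT_CLOSED, CLIENT_ERROR };
enum accept_result { ACCEPT_OK, ACCEPT_RETRY, ACCEPT_EXHAUSTED, ACCEPT_FATAL };

/* One read from a connected client. A zero-length read means the peer has
 * closed; the daemon must close its own end too, otherwise the descriptor
 * stays allocated for the lifetime of the process (the leak behind this bug). */
enum client_status service_client(int fd)
{
    char buf[256];
    ssize_t n = read(fd, buf, sizeof buf);
    if (n > 0)
        return CLIENT_ACTIVE;
    if (n < 0 && (errno == EAGAIN || errno == EINTR))
        return CLIENT_ACTIVE;
    close(fd);
    return n == 0 ? CLIENT_CLOSED : CLIENT_ERROR;
}

/* accept() wrapper: transient errors may be retried; descriptor exhaustion is
 * reported separately so the caller does not busy-loop on a queued connection. */
enum accept_result accept_client(int listen_fd, int *client_fd)
{
    int fd = accept(listen_fd, NULL, NULL);
    if (fd >= 0) { *client_fd = fd; return ACCEPT_OK; }
    switch (errno) {
    case EINTR: case EAGAIN: case ECONNABORTED: return ACCEPT_RETRY;
    case EMFILE: case ENFILE:                   return ACCEPT_EXHAUSTED;
    default:                                    return ACCEPT_FATAL;
    }
}

static int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

/* Scenario 1: the peer of a socketpair hangs up; our end must get closed. */
int demo_peer_hangup(void)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 0;
    close(sv[1]);                                   /* peer goes away */
    enum client_status st = service_client(sv[0]);
    return st == CLIENT_CLOSED && !fd_is_open(sv[0]);
}

/* Scenario 2: with the descriptor table full, accept() on a UNIX socket with
 * a pending connection must be reported as exhaustion (errno EMFILE). */
int demo_fd_exhaustion(void)
{
    char path[64];
    struct sockaddr_un sa;
    struct rlimit old, tmp;
    int fillers[256], nfill = 0, lfd = -1, cfd = -1, pfd = -1, ok = 0;

    snprintf(path, sizeof path, "/tmp/acpid-demo-%ld.sock", (long)getpid());
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    strncpy(sa.sun_path, path, sizeof sa.sun_path - 1);
    unlink(path);
    if ((lfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) return 0;
    if (bind(lfd, (struct sockaddr *)&sa, sizeof sa) || listen(lfd, 4)) goto out;
    if ((cfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) goto out;
    if (connect(cfd, (struct sockaddr *)&sa, sizeof sa)) goto out;

    /* Shrink the soft limit, then occupy every remaining slot with /dev/null. */
    getrlimit(RLIMIT_NOFILE, &old);
    tmp = old;
    tmp.rlim_cur = (rlim_t)cfd + 8;
    if (tmp.rlim_cur > old.rlim_cur) tmp.rlim_cur = old.rlim_cur;
    setrlimit(RLIMIT_NOFILE, &tmp);
    while (nfill < 256 && (fillers[nfill] = open("/dev/null", O_RDONLY)) >= 0)
        nfill++;

    ok = accept_client(lfd, &pfd) == ACCEPT_EXHAUSTED && errno == EMFILE;

    while (nfill > 0) close(fillers[--nfill]);    /* restore the process state */
    setrlimit(RLIMIT_NOFILE, &old);
    if (pfd >= 0) close(pfd);
out:
    if (cfd >= 0) close(cfd);
    close(lfd);
    unlink(path);
    return ok;
}

int main(void)
{
    printf("peer hangup releases fd: %s\n", demo_peer_hangup() ? "yes" : "NO");
    printf("EMFILE reported as exhaustion: %s\n", demo_fd_exhaustion() ? "yes" : "NO");
    return 0;
}
```

Both demos return 1 when the defensive behaviour holds. A daemon whose accept loop treats ACCEPT_EXHAUSTED like any other failure, or whose client handler never closes on end-of-file, fails these checks, which is the class of bug this report describes.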

Comment 4 Vincent Danen 2009-04-08 17:35:01 UTC
Created attachment 338766
original upstream patch that fixes the issue

Comment 8 Vincent Danen 2009-04-21 18:07:04 UTC
Embargo is lifted.

Comment 9 Vincent Danen 2009-04-22 18:41:04 UTC
Upstream has released 1.0.10 which contains the fix for this issue.

Comment 10 Vincent Danen 2009-04-22 21:21:10 UTC
Created attachment 340826
upstream patch used for 1.1.10 to fix CVE-2009-0798

The patch is slightly different from upstream than what they initially provided us, so we should base our updates on this patch instead.

Comment 11 errata-xmlrpc 2009-05-07 11:59:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 2.1
  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2009:0474 https://rhn.redhat.com/errata/RHSA-2009-0474.html