A flaw in how the acpid daemon handles error conditions can force the daemon into an infinite loop by not closing open UNIX sockets, even if the other end of the socket is closed. If an attacker were to exhaust the number of available sockets open to acpid, too many files would be open and the daemon will enter an infinite loop, consuming a large amount of CPU and blocking legitimate processes from communicating with acpid.
Created attachment 338766 [details]
original upstream patch that fixes the issue
Embargo is lifted.
Upstream has released 1.0.10 which contains the fix for this issue.
Created attachment 340826 [details]
upstream patch used for 1.1.10 to fix CVE-2009-0798
The patch is slightly different from upstream than what they initially provided us, so we should base our updates on this patch instead.
This issue has been addressed in following products:
Red Hat Enterprise Linux 2.1
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2009:0474 https://rhn.redhat.com/errata/RHSA-2009-0474.html
This issue was addressed in:
Red Hat Enterprise Linux: