Bug 268079 (CVE-2009-0798) - <sys-power/acpid-1.0.10 DoS (CVE-2009-0798)
Summary: <sys-power/acpid-1.0.10 DoS (CVE-2009-0798)
Status: RESOLVED FIXED
Alias: CVE-2009-0798
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [glsa]
Reported: 2009-05-01 11:08 UTC by Alex Legler (RETIRED)
Modified: 2009-05-24 18:45 UTC (History)
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-01 11:08:59 UTC
CVE-2009-0798 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0798):
  The daemon in acpid before 1.0.10 allows remote attackers to cause a
  denial of service (CPU consumption and connectivity loss) by opening
  a large number of UNIX sockets without closing them, which triggers
  an infinite loop.
Comment 1 Peter Alfredsen (RETIRED) gentoo-dev 2009-05-03 09:26:44 UTC
+*acpid-1.0.10 (03 May 2009)
+
+  03 May 2009; Peter Alfredsen <loki_val@gentoo.org> +acpid-1.0.10.ebuild:
+  Bump, bug 246802. Thanks to Davide Pesavento <davidepesa@gmail.com>. Use
+  Ted Felix version of acpid that correctly handles using the netlink
+  interface instead of the deprecated /proc/acpi/event interface. Also fixes
+  bug 268079, CVE-2009-0798.
+
Comment 2 Peter Alfredsen (RETIRED) gentoo-dev 2009-05-05 08:45:30 UTC
1.0.10_p3 is in the tree with a patch from bug 268442 for strict aliasing warnings that was accepted upstream.
Comment 3 Tobias Heinlein (RETIRED) gentoo-dev 2009-05-05 22:00:07 UTC
(In reply to comment #2)
> 1.0.10_p3 is in the tree with a patch from bug 268442 for strict aliasing
> warnings that was accepted upstream.

Does this have to do with the security issue? Do you want _p3 to go stable or 1.0.10?
Comment 4 Tobias Heinlein (RETIRED) gentoo-dev 2009-05-05 22:14:45 UTC
Okay, _p3 was confirmed on IRC.

Arches, please test and mark stable:
=sys-power/acpid-1.0.10_p3
Target keywords : "amd64 ia64 x86"
Comment 5 Markus Meier gentoo-dev 2009-05-06 19:44:40 UTC
amd64/x86 stable
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2009-05-07 16:19:51 UTC
ia64 stable
Comment 7 Tobias Heinlein (RETIRED) gentoo-dev 2009-05-22 17:44:16 UTC
Ready for vote, I vote YES.
Comment 8 Stefan Behte (RETIRED) gentoo-dev Security 2009-05-24 00:12:03 UTC
Yes, too, request filed.
Comment 9 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-05-24 18:45:57 UTC
GLSA 200905-06