Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 352534 (CVE-2011-1159) - <sys-power/acpid-2.0.9: Local Denial of Service (CVE-2011-1159)
Summary: <sys-power/acpid-2.0.9: Local Denial of Service (CVE-2011-1159)
Alias: CVE-2011-1159
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa?]
Depends on:
Reported: 2011-01-23 19:46 UTC by Tim Sammut (RETIRED)
Modified: 2011-10-08 21:11 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Tim Sammut (RETIRED) gentoo-dev 2011-01-23 19:46:01 UTC
From $URL:

I. Blocking write.

I.1. Description.

acpid informs unprivileged processes about acpi events via UNIX socket.
This socket is in blocking mode.  If unprivileged process stops reading
data from the socket then, in some time, the socket queue fills up
leading to hanging privileged acpid daemon.  The daemon hangs until the
socket peer process reads some portion of the queued data or the peer
process exits/is killed.
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-21 14:05:39 UTC
There are some proposed patches, see
Comment 2 Samuli Suominen (RETIRED) gentoo-dev 2011-09-08 10:42:10 UTC
@security: seems to indicate the problem is already fixed in 2.0.9 which is our stable version

Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-09-08 13:37:45 UTC
(In reply to comment #2)
> @security: seems to
> indicate the problem is already fixed in 2.0.9 which is our stable version
> right?

Indeed, thanks, Samuli. From the 2.0.9 ChangeLog:

  - Added fcntl() for O_NONBLOCK on the client sockets.  This prevents acpid
    from hanging if a client behaves badly.  (sock.c)  (Vasiliy Kulikov)

GLSA Vote: no.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 21:41:58 UTC
CVE-2011-1159 (
  acpid.c in acpid before 2.0.9 does not properly handle a situation in which
  a process has connected to acpid.socket but is not reading any data, which
  allows local users to cause a denial of service (daemon hang) via a crafted
  application that performs a connect system call but no read system calls.
Comment 5 Pierre-Yves Rofes (RETIRED) gentoo-dev 2011-10-08 21:11:53 UTC
voting noglsa too, and closing.