FKIE_CVE-2011-1159

Vulnerability from fkie_nvd - Published: 2011-10-05 02:56 - Updated: 2025-04-11 00:51
Severity ?
Summary
acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls.
References
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2011-May/059880.htmlPatch
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2011-May/060053.htmlPatch
secalert@redhat.comhttp://secunia.com/advisories/42947Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/44621Vendor Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2011/01/19/4Exploit, Patch
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2011/03/15/12Exploit, Patch
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2011/03/15/7Exploit, Patch
secalert@redhat.comhttp://www.securityfocus.com/bid/45915
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=688698Patch
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059880.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060053.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42947Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/44621Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2011/01/19/4Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2011/03/15/12Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2011/03/15/7Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/45915
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=688698Patch
Impacted products
Vendor Product Version
tedfelix acpid *
tedfelix acpid 1.0.8
tedfelix acpid 1.0.10
tedfelix acpid 2.0.0
tedfelix acpid 2.0.1
tedfelix acpid 2.0.2
tedfelix acpid 2.0.3
tedfelix acpid 2.0.4
tedfelix acpid 2.0.5
tedfelix acpid 2.0.7
tedfelix acpid 2.06
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tedfelix:acpid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF501BE4-AA18-407F-8873-ABFAC8B48314",
              "versionEndIncluding": "2.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tedfelix:acpid:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "82B4C09A-27B5-40C3-BC29-1AF719D15866",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tedfelix:acpid:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE4A0A4D-A705-42D0-B6ED-839AD1E1654D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tedfelix:acpid:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "31FBDC0D-23D1-4D6A-A04B-42F3044F67D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tedfelix:acpid:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "27515319-B40F-46F6-9850-AF56D0DF46E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tedfelix:acpid:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A217BEA-9E4C-4CEF-8AFF-46A01AE5ACA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tedfelix:acpid:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B26E4400-07F3-40F4-8E40-91A9A38BCD9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tedfelix:acpid:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "44949FCD-B2F0-41EE-9714-161740CC734F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tedfelix:acpid:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC73131B-B96A-43EA-9854-48D71582FFC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tedfelix:acpid:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0E5388D-E751-4A75-935F-7B2056F24576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tedfelix:acpid:2.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "672CB3CB-4FBD-4B9F-8EBE-2A8D262D19D0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls."
    },
    {
      "lang": "es",
      "value": "acpid.c de acpid en versiones anteriores a 2.0.9 no maneja apropiadamente una situaci\u00f3n en la que un proceso se ha conectado a un acpid.socket pero no est\u00e1 leyendo ning\u00fan dato, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (cuelgue del demonio) a trav\u00e9s de una aplicaci\u00f3n modificada que que realiza una llamada al sistema de conexi\u00f3n pero no de lectura."
    }
  ],
  "id": "CVE-2011-1159",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-10-05T02:56:24.660",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059880.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060053.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42947"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44621"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/01/19/4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/03/15/12"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/03/15/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/45915"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059880.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060053.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42947"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/01/19/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/03/15/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/03/15/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/45915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688698"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.