CVE-2011-1159 - OpenCVE

acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Tedfelix	Acpid

Configuration 1 [-]

OR	cpe:2.3:a:tedfelix:acpid::::::::
	cpe:2.3:a:tedfelix:acpid:1.0.8:::::::*
	cpe:2.3:a:tedfelix:acpid:1.0.10:::::::*
	cpe:2.3:a:tedfelix:acpid:2.0.0:::::::*
	cpe:2.3:a:tedfelix:acpid:2.0.1:::::::*
	cpe:2.3:a:tedfelix:acpid:2.0.2:::::::*
	cpe:2.3:a:tedfelix:acpid:2.0.3:::::::*
	cpe:2.3:a:tedfelix:acpid:2.0.4:::::::*
	cpe:2.3:a:tedfelix:acpid:2.0.5:::::::*
	cpe:2.3:a:tedfelix:acpid:2.0.7:::::::*
	cpe:2.3:a:tedfelix:acpid:2.06:::::::*

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059880.html	Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060053.html	Patch
http://secunia.com/advisories/42947	Vendor Advisory
http://secunia.com/advisories/44621	Vendor Advisory
http://www.openwall.com/lists/oss-security/2011/01/19/4	Exploit Patch
http://www.openwall.com/lists/oss-security/2011/03/15/12	Exploit Patch
http://www.openwall.com/lists/oss-security/2011/03/15/7	Exploit Patch
http://www.securityfocus.com/bid/45915
https://bugzilla.redhat.com/show_bug.cgi?id=688698	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-10-03T16:15:08

Updated: 2022-10-03T16:15:08

Reserved: 2022-10-03T00:00:00

Link: CVE-2011-1159

JSON object: View

NVD Information

Status : Analyzed

Published: 2011-10-05T02:56:24.660

Modified: 2012-05-14T04:00:00.000

Link: CVE-2011-1159

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:15:08", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "45915", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/45915"}, {"name": "FEDORA-2011-6681", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059880.html"}, {"name": "44621", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44621"}, {"name": "42947", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42947"}, {"name": "[oss-security] 20110315 Re: 2 acpid flaws", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/03/15/7"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688698"}, {"name": "[oss-security] 20110119 2 acpid flaws", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/01/19/4"}, {"name": "[oss-security] 20110315 Re: 2 acpid flaws", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/03/15/12"}, {"name": "FEDORA-2011-6460", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060053.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1159", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "45915", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45915"}, {"name": "FEDORA-2011-6681", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059880.html"}, {"name": "44621", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44621"}, {"name": "42947", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42947"}, {"name": "[oss-security] 20110315 Re: 2 acpid flaws", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/03/15/7"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=688698", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688698"}, {"name": "[oss-security] 20110119 2 acpid flaws", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/01/19/4"}, {"name": "[oss-security] 20110315 Re: 2 acpid flaws", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/03/15/12"}, {"name": "FEDORA-2011-6460", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060053.html"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1159", "datePublished": "2022-10-03T16:15:08", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:15:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tedfelix:acpid:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF501BE4-AA18-407F-8873-ABFAC8B48314", "versionEndIncluding": "2.0.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:tedfelix:acpid:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "82B4C09A-27B5-40C3-BC29-1AF719D15866", "vulnerable": true}, {"criteria": "cpe:2.3:a:tedfelix:acpid:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "DE4A0A4D-A705-42D0-B6ED-839AD1E1654D", "vulnerable": true}, {"criteria": "cpe:2.3:a:tedfelix:acpid:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "31FBDC0D-23D1-4D6A-A04B-42F3044F67D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:tedfelix:acpid:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "27515319-B40F-46F6-9850-AF56D0DF46E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:tedfelix:acpid:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4A217BEA-9E4C-4CEF-8AFF-46A01AE5ACA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tedfelix:acpid:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B26E4400-07F3-40F4-8E40-91A9A38BCD9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:tedfelix:acpid:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "44949FCD-B2F0-41EE-9714-161740CC734F", "vulnerable": true}, {"criteria": "cpe:2.3:a:tedfelix:acpid:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CC73131B-B96A-43EA-9854-48D71582FFC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:tedfelix:acpid:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A0E5388D-E751-4A75-935F-7B2056F24576", "vulnerable": true}, {"criteria": "cpe:2.3:a:tedfelix:acpid:2.06:*:*:*:*:*:*:*", "matchCriteriaId": "672CB3CB-4FBD-4B9F-8EBE-2A8D262D19D0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls."}, {"lang": "es", "value": "acpid.c de acpid en versiones anteriores a 2.0.9 no maneja apropiadamente una situaci\u00f3n en la que un proceso se ha conectado a un acpid.socket pero no est\u00e1 leyendo ning\u00fan dato, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (cuelgue del demonio) a trav\u00e9s de una aplicaci\u00f3n modificada que que realiza una llamada al sistema de conexi\u00f3n pero no de lectura."}], "id": "CVE-2011-1159", "lastModified": "2012-05-14T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-10-05T02:56:24.660", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059880.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060053.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42947"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44621"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/01/19/4"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/03/15/12"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/03/15/7"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/45915"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688698"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}