Rapid7 Vulnerability & Exploit Database

RHSA-2009:0474: acpid security update

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 04/24/2009
Created: 07/25/2018
Added: 09/12/2009
Modified: 07/04/2017

Description

acpid is a daemon that dispatches ACPI (Advanced Configuration and Power Interface) events to user-space programs.

Anthony de Almeida Lopes of Outpost24 AB reported a denial of service flaw in the acpid daemon's error handling. If an attacker could exhaust the sockets open to acpid, the daemon would enter an infinite loop, consuming most CPU resources and preventing acpid from communicating with legitimate processes. (CVE-2009-0798)

Users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

Solution(s)

  • redhat-upgrade-acpid
