CVE-2011-1159

Published: 4 October 2011

acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls.

Priority

Status

Package	Release	Status
acpid Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Released (1.0.10-5ubuntu2.2)
	maverick	Released (1.0.10-5ubuntu4.1)
	natty	Released (1:2.0.7-1ubuntu2.1)
	oneiric	Not vulnerable (1:2.0.10-1ubuntu2)
	upstream	Released (2.0.9)

References

http://www.openwall.com/lists/oss-security/2011/01/19/4
https://ubuntu.com/security/notices/USN-1234-1
https://www.cve.org/CVERecord?id=CVE-2011-1159
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=688698

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›