CVE-2008-0008
N/A
N/A
Summary
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:027
- http://www.securityfocus.com/bid/27449
- http://secunia.com/advisories/28623
- https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html
- http://pulseaudio.org/changeset/2100
- http://www.vupen.com/english/advisories/2008/0283
- http://bugs.gentoo.org/show_bug.cgi?id=207214
- http://www.debian.org/security/2008/dsa-1476
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html
- https://bugzilla.redhat.com/show_bug.cgi?id=425481
- http://security.gentoo.org/glsa/glsa-200802-07.xml
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html
- http://secunia.com/advisories/28738
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39992
- http://www.ubuntu.com/usn/usn-573-1
- http://secunia.com/advisories/28952
- http://secunia.com/advisories/28608
- https://bugzilla.novell.com/show_bug.cgi?id=347822
References
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:027
- http://www.securityfocus.com/bid/27449
- http://secunia.com/advisories/28623
- https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html
- http://pulseaudio.org/changeset/2100
- http://www.vupen.com/english/advisories/2008/0283
- http://bugs.gentoo.org/show_bug.cgi?id=207214
- http://www.debian.org/security/2008/dsa-1476
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html
- https://bugzilla.redhat.com/show_bug.cgi?id=425481
- http://security.gentoo.org/glsa/glsa-200802-07.xml
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html
- http://secunia.com/advisories/28738
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39992
- http://www.ubuntu.com/usn/usn-573-1
- http://secunia.com/advisories/28952
- http://secunia.com/advisories/28608
- https://bugzilla.novell.com/show_bug.cgi?id=347822
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.