what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2008-0008

Status Candidate

Overview

The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.

Related Files

Gentoo Linux Security Advisory 200802-7
Posted Feb 13, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200802-07 - Marcus Meissner from SUSE reported that the pa_drop_root() function does not properly check the return value of the system calls setuid(), seteuid(), setresuid() and setreuid() when dropping its privileges. Versions less than 0.9.9 are affected.

tags | advisory
systems | linux, suse, gentoo
advisories | CVE-2008-0008
SHA-256 | 553d94f93fd8dffc1d3689adebc35253dc0332b26a4eee04b99e180726d42b7a
Download | Favorite | View
Ubuntu Security Notice 573-1
Posted Feb 1, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 573-1 - It was discovered that PulseAudio did not properly drop privileges when running as a daemon. Local users may be able to exploit this and gain privileges. The default Ubuntu configuration is not affected.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2008-0008
SHA-256 | ab4a2b7af6bc38fe408c4489d0f92d4d68b95e2bac578277fca47fe86dfd9211
Download | Favorite | View
Debian Linux Security Advisory 1476-1
Posted Jan 28, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1476-1 - Marcus Meissner discovered that the PulseAudio sound server performed insufficient checks when dropping privileges, which could lead to local privilege escalation.

tags | advisory, local
systems | linux, debian
advisories | CVE-2008-0008
SHA-256 | 79f4f6a4708e4996f23285eb55ae4f15bf089d97e6f67ead00f9b8de74101c61
Download | Favorite | View
Mandriva Linux Security Advisory 2008-027
Posted Jan 26, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A programming flaw was found in Pulseaudio versions older than 0.9.9, by which a local user can gain root access, if pulseaudio is installed as a setuid to root binary, which is the recommended configuration.

tags | advisory, local, root
systems | linux, mandriva
advisories | CVE-2008-0008
SHA-256 | 381c4f1e95696b6696489b294e2642f56831ceb6a838555eea63d08b0115a1d8
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close