Showing 1 - 4 of 4

CVE-2008-0008

Status Candidate

Overview

The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.

Related Files

Gentoo Linux Security Advisory 200802-7: Posted Feb 13, 2008; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory GLSA 200802-07 - Marcus Meissner from SUSE reported that the pa_drop_root() function does not properly check the return value of the system calls setuid(), seteuid(), setresuid() and setreuid() when dropping its privileges. Versions less than 0.9.9 are affected.; tags | advisory; systems | linux, suse, gentoo; advisories | CVE-2008-0008; SHA-256 | 553d94f93fd8dffc1d3689adebc35253dc0332b26a4eee04b99e180726d42b7a; Download | Favorite | View

Ubuntu Security Notice 573-1: Posted Feb 1, 2008; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 573-1 - It was discovered that PulseAudio did not properly drop privileges when running as a daemon. Local users may be able to exploit this and gain privileges. The default Ubuntu configuration is not affected.; tags | advisory, local; systems | linux, ubuntu; advisories | CVE-2008-0008; SHA-256 | ab4a2b7af6bc38fe408c4489d0f92d4d68b95e2bac578277fca47fe86dfd9211; Download | Favorite | View

Debian Linux Security Advisory 1476-1: Posted Jan 28, 2008; Authored by Debian | Site debian.org; Debian Security Advisory 1476-1 - Marcus Meissner discovered that the PulseAudio sound server performed insufficient checks when dropping privileges, which could lead to local privilege escalation.; tags | advisory, local; systems | linux, debian; advisories | CVE-2008-0008; SHA-256 | 79f4f6a4708e4996f23285eb55ae4f15bf089d97e6f67ead00f9b8de74101c61; Download | Favorite | View

Mandriva Linux Security Advisory 2008-027: Posted Jan 26, 2008; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory - A programming flaw was found in Pulseaudio versions older than 0.9.9, by which a local user can gain root access, if pulseaudio is installed as a setuid to root binary, which is the recommended configuration.; tags | advisory, local, root; systems | linux, mandriva; advisories | CVE-2008-0008; SHA-256 | 381c4f1e95696b6696489b294e2642f56831ceb6a838555eea63d08b0115a1d8; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 285 files
Ubuntu 66 files
Debian 23 files
LiquidWorm 10 files
Valentin Lobstein 10 files
nu11secur1ty 7 files
Google Security Research 4 files
Milad Karimi 4 files
Jann Horn 3 files
Lennert Preuth 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,025)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,485)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,706)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,480)
UNIX (9,394)
UnixWare (187)
Windows (6,653)
Other

CVE-2008-0008

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems