Mandriva Linux Security Advisory 2009-171 - Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that pulseaudio, when installed setuid root, does not drop privileges before re-executing itself to achieve immediate bindings. This can be exploited by a user who has write access to any directory on the file system containing /usr/bin to gain local root access. The user needs to exploit a race condition related to creating a hard link. This update provides fixes for this vulnerability.
849044bfba62baf25c7bf418a0814ff3799bad71d9160681d6e575fa4b939f3e
Debian Security Advisory 1838-1 - Tavis Ormandy and Julien Tinnes discovered that the pulseaudio daemon does not drop privileges before re-executing itself, enabling local attackers to increase their privileges.
45a80afc1cf274d6f81ee8a06edb00e8789a356accc2864d719d6ad7602ddbe6
PulseAudio suffers from a local race condition privilege escalation vulnerability. Proof of concept exploit included.
426a9d852cba8a790cc64c95d7415f44eccf93c747b639ad6f192ca0c06f2302
Mandriva Linux Security Advisory 2009-152 - Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that pulseaudio, when installed setuid root, does not drop privileges before re-executing itself to achieve immediate bindings. This can be exploited by a user who has write access to any directory on the file system containing /usr/bin to gain local root access. The user needs to exploit a race condition related to creating a hard link. This update provides fixes for this vulnerability.
efef538e5448dc71abb6142f0dac1a1ee4d7d0e7534491b4dea526851e048f60
Ubuntu Security Notice USN-804-1 - Tavis Ormandy and Yorick Koster discovered that PulseAudio did not safely re-execute itself. A local attacker could exploit this to gain root privileges.
b8beb3fe604ec782db3bd384c85199c455906f54b4b92e94931ef02d23954d69
Gentoo Linux Security Advisory GLSA 200907-13 - A vulnerability in PulseAudio may allow a local user to execute code with escalated privileges. Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that the pulseaudio binary is installed setuid root, and does not drop privileges before re-executing itself. The vulnerability has independently been reported to oCERT by Yorick Koster. Versions earlier than 0.9.9-r54 are affected.
0845b919b201ac150850dea798592c3e2d37064dc4f6d888379d713a2eda6d3d