Lucene search

[email protected]CVE-2009-1299

HistoryMar 18, 2010 - 5:30 p.m.

CVE-2009-1299

2010-03-1817:30:00

CWE-59

[email protected]

web.nvd.nist.gov

pulseaudio

vulnerability

pa_make_secure_dir

symlink attack

nvd

cve-2009-1299

6.1 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.

Affected configurations

NVD

Node

pulseaudiopulseaudioMatch0.9.10

pulseaudiopulseaudioMatch0.9.19

CPENameOperatorVersion
pulseaudio:pulseaudiopulseaudioeq0.9.10
pulseaudio:pulseaudiopulseaudioeq0.9.19

CPE	Name	Operator	Version
pulseaudio:pulseaudio	pulseaudio	eq	0.9.10
pulseaudio:pulseaudio	pulseaudio	eq	0.9.19

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615

git.0pointer.de/?p=pulseaudio.git%3Ba=patch%3Bh=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee

www.debian.org/security/2010/dsa-2017

www.mandriva.com/security/advisories?name=MDVSA-2010:124

www.vupen.com/english/advisories/2010/1570

bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008

6.1 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2009-1299

openvas6 debian2 nessus6 osv1 prion1 debiancve1 cvelist1 gentoo1 nvd1 ubuntucve1