{"id": "FEDORA:M0OLXSV0022303", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 8 Update: pulseaudio-0.9.8-5.fc8", "description": "PulseAudio is a sound server for Linux and other Unix like operating systems. It is intended to be an improved drop-in replacement for the Enlightened Sound Daemon (ESOUND). ", "published": "2008-01-24T21:59:33", "modified": "2008-01-24T21:59:33", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2008-0008"], "lastseen": "2020-12-21T08:17:49", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0008"]}, {"type": "openvas", "idList": ["OPENVAS:840337", "OPENVAS:60269", "OPENVAS:860694", "OPENVAS:60384", "OPENVAS:860153", "OPENVAS:830655", "OPENVAS:1361412562310830655"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:18958", "SECURITYVULNS:VULN:8613"]}, {"type": "ubuntu", "idList": ["USN-573-1"]}, {"type": "gentoo", "idList": ["GLSA-200802-07"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1476-1:88A32"]}, {"type": "nessus", "idList": ["FEDORA_2008-0963.NASL", "MANDRIVA_MDVSA-2008-027.NASL", "GENTOO_GLSA-200802-07.NASL", "UBUNTU_USN-573-1.NASL", "DEBIAN_DSA-1476.NASL", "FEDORA_2008-0994.NASL"]}, {"type": "fedora", "idList": ["FEDORA:M0OM23WS022661"]}], "modified": "2020-12-21T08:17:49", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2020-12-21T08:17:49", "rev": 2}, "vulnersScore": 6.8}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "8", "arch": "any", "packageName": "pulseaudio", "packageVersion": "0.9.8", "packageFilename": "UNKNOWN", "operator": "lt"}]}

{"cve": [{"lastseen": "2020-10-03T11:50:56", "description": "The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.", "edition": 3, "cvss3": {}, "published": "2008-01-29T00:00:00", "title": "CVE-2008-0008", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0008"], "modified": "2017-07-29T01:34:00", "cpe": ["cpe:/a:pulseaudio:pulseaudio:0.9.6", "cpe:/a:pulseaudio:pulseaudio:0.9.8"], "id": "CVE-2008-0008", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0008", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:pulseaudio:pulseaudio:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:pulseaudio:pulseaudio:0.9.6:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-09T00:34:09", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0008"], "description": "It was discovered that PulseAudio did not properly drop privileges \nwhen running as a daemon. Local users may be able to exploit this \nand gain privileges. The default Ubuntu configuration is not \naffected.", "edition": 5, "modified": "2008-01-31T00:00:00", "published": "2008-01-31T00:00:00", "id": "USN-573-1", "href": "https://ubuntu.com/security/notices/USN-573-1", "title": "PulseAudio vulnerability", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-25T10:56:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0008"], "description": "Check for the Version of pulseaudio", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860153", "href": "http://plugins.openvas.org/nasl.php?oid=860153", "type": "openvas", "title": "Fedora Update for pulseaudio FEDORA-2008-0994", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pulseaudio FEDORA-2008-0994\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"pulseaudio on Fedora 7\";\ntag_insight = \"PulseAudio is a sound server for Linux and other Unix like operating\n systems. It is intended to be an improved drop-in replacement for the\n Enlightened Sound Daemon (ESOUND).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html\");\n script_id(860153);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:12:43 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-0994\");\n script_cve_id(\"CVE-2008-0008\");\n script_name( \"Fedora Update for pulseaudio FEDORA-2008-0994\");\n\n script_summary(\"Check for the Version of pulseaudio\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-debuginfo\", rpm:\"pulseaudio-debuginfo~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-utils\", rpm:\"pulseaudio-utils~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-lib-devel\", rpm:\"pulseaudio-lib-devel~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-lib-zeroconf\", rpm:\"pulseaudio-lib-zeroconf~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-lib-glib2\", rpm:\"pulseaudio-lib-glib2~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-lib\", rpm:\"pulseaudio-lib~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-devel\", rpm:\"pulseaudio-devel~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-gconf\", rpm:\"pulseaudio-module-gconf~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-jack\", rpm:\"pulseaudio-module-jack~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-zeroconf\", rpm:\"pulseaudio-module-zeroconf~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-x11\", rpm:\"pulseaudio-module-x11~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-lirc\", rpm:\"pulseaudio-module-lirc~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-esound-compat\", rpm:\"pulseaudio-esound-compat~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-debuginfo\", rpm:\"pulseaudio-debuginfo~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-utils\", rpm:\"pulseaudio-utils~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-lib-devel\", rpm:\"pulseaudio-lib-devel~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-lib-zeroconf\", rpm:\"pulseaudio-lib-zeroconf~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-lib-glib2\", rpm:\"pulseaudio-lib-glib2~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-lib\", rpm:\"pulseaudio-lib~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-devel\", rpm:\"pulseaudio-devel~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-gconf\", rpm:\"pulseaudio-module-gconf~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-jack\", rpm:\"pulseaudio-module-jack~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-zeroconf\", rpm:\"pulseaudio-module-zeroconf~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-x11\", rpm:\"pulseaudio-module-x11~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-lirc\", rpm:\"pulseaudio-module-lirc~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-esound-compat\", rpm:\"pulseaudio-esound-compat~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.6~2.fc7.1\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0008"], "description": "Check for the Version of pulseaudio", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860694", "href": "http://plugins.openvas.org/nasl.php?oid=860694", "type": "openvas", "title": "Fedora Update for pulseaudio FEDORA-2008-0963", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pulseaudio FEDORA-2008-0963\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"pulseaudio on Fedora 8\";\ntag_insight = \"PulseAudio is a sound server for Linux and other Unix like operating\n systems. It is intended to be an improved drop-in replacement for the\n Enlightened Sound Daemon (ESOUND).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html\");\n script_id(860694);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:12:43 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-0963\");\n script_cve_id(\"CVE-2008-0008\");\n script_name( \"Fedora Update for pulseaudio FEDORA-2008-0963\");\n\n script_summary(\"Check for the Version of pulseaudio\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-debuginfo\", rpm:\"pulseaudio-debuginfo~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-utils\", rpm:\"pulseaudio-utils~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-libs-devel\", rpm:\"pulseaudio-libs-devel~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-libs-zeroconf\", rpm:\"pulseaudio-libs-zeroconf~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-libs-glib2\", rpm:\"pulseaudio-libs-glib2~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-core-libs\", rpm:\"pulseaudio-core-libs~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-libs\", rpm:\"pulseaudio-libs~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-gconf\", rpm:\"pulseaudio-module-gconf~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-jack\", rpm:\"pulseaudio-module-jack~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-bluetooth\", rpm:\"pulseaudio-module-bluetooth~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-zeroconf\", rpm:\"pulseaudio-module-zeroconf~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-x11\", rpm:\"pulseaudio-module-x11~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-lirc\", rpm:\"pulseaudio-module-lirc~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-esound-compat\", rpm:\"pulseaudio-esound-compat~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-debuginfo\", rpm:\"pulseaudio-debuginfo~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-x11\", rpm:\"pulseaudio-module-x11~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-libs-zeroconf\", rpm:\"pulseaudio-libs-zeroconf~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-core-libs\", rpm:\"pulseaudio-core-libs~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-lirc\", rpm:\"pulseaudio-module-lirc~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-libs-glib2\", rpm:\"pulseaudio-libs-glib2~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-libs-devel\", rpm:\"pulseaudio-libs-devel~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-bluetooth\", rpm:\"pulseaudio-module-bluetooth~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-gconf\", rpm:\"pulseaudio-module-gconf~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-esound-compat\", rpm:\"pulseaudio-esound-compat~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-jack\", rpm:\"pulseaudio-module-jack~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-utils\", rpm:\"pulseaudio-utils~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-libs\", rpm:\"pulseaudio-libs~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio-module-zeroconf\", rpm:\"pulseaudio-module-zeroconf~0.9.8~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0008"], "description": "Check for the Version of pulseaudio", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830655", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830655", "type": "openvas", "title": "Mandriva Update for pulseaudio MDVSA-2008:027 (pulseaudio)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for pulseaudio MDVSA-2008:027 (pulseaudio)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A programming flaw was found in Pulseaudio versions older than 0.9.9,\n by which a local user can gain root access, if pulseaudio is installed\n as a setuid to root binary, which is the recommended configuration.\n\n The updated packages fix this issue.\";\n\ntag_affected = \"pulseaudio on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-01/msg00047.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830655\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:027\");\n script_cve_id(\"CVE-2008-0008\");\n script_name( \"Mandriva Update for pulseaudio MDVSA-2008:027 (pulseaudio)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of pulseaudio\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpulseaudio0\", rpm:\"libpulseaudio0~0.9.5~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpulseaudio0-devel\", rpm:\"libpulseaudio0-devel~0.9.5~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpulsecore2\", rpm:\"libpulsecore2~0.9.5~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.5~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pulseaudio0\", rpm:\"lib64pulseaudio0~0.9.5~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pulseaudio0-devel\", rpm:\"lib64pulseaudio0-devel~0.9.5~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pulsecore2\", rpm:\"lib64pulsecore2~0.9.5~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpulseaudio0\", rpm:\"libpulseaudio0~0.9.6~3.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpulseaudio0-devel\", rpm:\"libpulseaudio0-devel~0.9.6~3.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpulsecore3\", rpm:\"libpulsecore3~0.9.6~3.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.6~3.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pulseaudio0\", rpm:\"lib64pulseaudio0~0.9.6~3.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pulseaudio0-devel\", rpm:\"lib64pulseaudio0-devel~0.9.6~3.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pulsecore3\", rpm:\"lib64pulsecore3~0.9.6~3.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0008"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-573-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840337", "href": "http://plugins.openvas.org/nasl.php?oid=840337", "type": "openvas", "title": "Ubuntu Update for pulseaudio vulnerability USN-573-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_573_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for pulseaudio vulnerability USN-573-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that PulseAudio did not properly drop privileges\n when running as a daemon. Local users may be able to exploit this\n and gain privileges. The default Ubuntu configuration is not\n affected.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-573-1\";\ntag_affected = \"pulseaudio vulnerability on Ubuntu 7.04 ,\n Ubuntu 7.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-573-1/\");\n script_id(840337);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"573-1\");\n script_cve_id(\"CVE-2008-0008\");\n script_name( \"Ubuntu Update for pulseaudio vulnerability USN-573-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpulse-browse0\", ver:\"0.9.5-5ubuntu4.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpulse-dev\", ver:\"0.9.5-5ubuntu4.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpulse-mainloop-glib0\", ver:\"0.9.5-5ubuntu4.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpulse0\", ver:\"0.9.5-5ubuntu4.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pulseaudio-esound-compat\", ver:\"0.9.5-5ubuntu4.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pulseaudio\", ver:\"0.9.5-5ubuntu4.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pulseaudio-module-gconf\", ver:\"0.9.5-5ubuntu4.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pulseaudio-module-hal\", ver:\"0.9.5-5ubuntu4.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pulseaudio-module-lirc\", ver:\"0.9.5-5ubuntu4.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pulseaudio-module-x11\", ver:\"0.9.5-5ubuntu4.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pulseaudio-module-zeroconf\", ver:\"0.9.5-5ubuntu4.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pulseaudio-utils\", ver:\"0.9.5-5ubuntu4.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpulse-browse0\", ver:\"0.9.6-1ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpulse-dev\", ver:\"0.9.6-1ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpulse-mainloop-glib0\", ver:\"0.9.6-1ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpulse0\", ver:\"0.9.6-1ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pulseaudio-esound-compat\", ver:\"0.9.6-1ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pulseaudio\", ver:\"0.9.6-1ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pulseaudio-module-gconf\", ver:\"0.9.6-1ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pulseaudio-module-hal\", ver:\"0.9.6-1ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pulseaudio-module-lirc\", ver:\"0.9.6-1ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pulseaudio-module-x11\", ver:\"0.9.6-1ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pulseaudio-module-zeroconf\", ver:\"0.9.6-1ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pulseaudio-utils\", ver:\"0.9.6-1ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0008"], "description": "The remote host is missing an update to pulseaudio\nannounced via advisory DSA 1476-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-31T00:00:00", "id": "OPENVAS:60269", "href": "http://plugins.openvas.org/nasl.php?oid=60269", "type": "openvas", "title": "Debian Security Advisory DSA 1476-1 (pulseaudio)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1476_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1476-1 (pulseaudio)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Marcus Meissner discovered that the PulseAudio sound server performed\ninsufficent checks when dropping privileges, which could lead to local\nprivilege escalation.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 0.9.5-5etch1.\n\nThe old stable distribution (sarge) doesn't contain pulseaudio.\n\nWe recommend that you upgrade your pulseaudio packages.\";\ntag_summary = \"The remote host is missing an update to pulseaudio\nannounced via advisory DSA 1476-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201476-1\";\n\n\nif(description)\n{\n script_id(60269);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-31 19:16:52 +0100 (Thu, 31 Jan 2008)\");\n script_cve_id(\"CVE-2008-0008\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1476-1 (pulseaudio)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"pulseaudio-esound-compat\", ver:\"0.9.5-5etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-gconf\", ver:\"0.9.5-5etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-utils\", ver:\"0.9.5-5etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse0\", ver:\"0.9.5-5etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-dev\", ver:\"0.9.5-5etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-zeroconf\", ver:\"0.9.5-5etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-x11\", ver:\"0.9.5-5etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-jack\", ver:\"0.9.5-5etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-browse0\", ver:\"0.9.5-5etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-lirc\", ver:\"0.9.5-5etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio\", ver:\"0.9.5-5etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pulseaudio-module-hal\", ver:\"0.9.5-5etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpulse-mainloop-glib0\", ver:\"0.9.5-5etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0008"], "description": "Check for the Version of pulseaudio", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830655", "href": "http://plugins.openvas.org/nasl.php?oid=830655", "type": "openvas", "title": "Mandriva Update for pulseaudio MDVSA-2008:027 (pulseaudio)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for pulseaudio MDVSA-2008:027 (pulseaudio)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A programming flaw was found in Pulseaudio versions older than 0.9.9,\n by which a local user can gain root access, if pulseaudio is installed\n as a setuid to root binary, which is the recommended configuration.\n\n The updated packages fix this issue.\";\n\ntag_affected = \"pulseaudio on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-01/msg00047.php\");\n script_id(830655);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:027\");\n script_cve_id(\"CVE-2008-0008\");\n script_name( \"Mandriva Update for pulseaudio MDVSA-2008:027 (pulseaudio)\");\n\n script_summary(\"Check for the Version of pulseaudio\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpulseaudio0\", rpm:\"libpulseaudio0~0.9.5~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpulseaudio0-devel\", rpm:\"libpulseaudio0-devel~0.9.5~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpulsecore2\", rpm:\"libpulsecore2~0.9.5~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.5~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pulseaudio0\", rpm:\"lib64pulseaudio0~0.9.5~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pulseaudio0-devel\", rpm:\"lib64pulseaudio0-devel~0.9.5~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pulsecore2\", rpm:\"lib64pulsecore2~0.9.5~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpulseaudio0\", rpm:\"libpulseaudio0~0.9.6~3.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpulseaudio0-devel\", rpm:\"libpulseaudio0-devel~0.9.6~3.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpulsecore3\", rpm:\"libpulsecore3~0.9.6~3.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.6~3.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pulseaudio0\", rpm:\"lib64pulseaudio0~0.9.6~3.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pulseaudio0-devel\", rpm:\"lib64pulseaudio0-devel~0.9.6~3.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pulsecore3\", rpm:\"lib64pulsecore3~0.9.6~3.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0008"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200802-07.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:60384", "href": "http://plugins.openvas.org/nasl.php?oid=60384", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200802-07 (pulseaudio)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability in pulseaudio may allow a local user to execute actions\nwith escalated privileges.\";\ntag_solution = \"All Pulseaudio users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-sound/pulseaudio-0.9.9'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200802-07\nhttp://bugs.gentoo.org/show_bug.cgi?id=207214\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200802-07.\";\n\n \n\nif(description)\n{\n script_id(60384);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-0008\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200802-07 (pulseaudio)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-sound/pulseaudio\", unaffected: make_list(\"ge 0.9.9\"), vulnerable: make_list(\"lt 0.9.9\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:56", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0008"], "description": "### Background\n\nPulseaudio is a networked sound server with an advanced plugin system. \n\n### Description\n\nMarcus Meissner from SUSE reported that the pa_drop_root() function does not properly check the return value of the system calls setuid(), seteuid(), setresuid() and setreuid() when dropping its privileges. \n\n### Impact\n\nA local attacker could cause a resource exhaustion to make the system calls fail, which would cause Pulseaudio to run as root. The attacker could then perform actions with root privileges. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Pulseaudio users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-sound/pulseaudio-0.9.9\"", "edition": 1, "modified": "2008-02-13T00:00:00", "published": "2008-02-13T00:00:00", "id": "GLSA-200802-07", "href": "https://security.gentoo.org/glsa/200802-07", "type": "gentoo", "title": "Pulseaudio: Privilege escalation", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:28", "bulletinFamily": "software", "cvelist": ["CVE-2008-0008"], "description": "setuid&#40;&#41; result is not checked.", "edition": 1, "modified": "2008-01-27T00:00:00", "published": "2008-01-27T00:00:00", "id": "SECURITYVULNS:VULN:8613", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8613", "title": "pulseuadio privilege escalation", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:24", "bulletinFamily": "software", "cvelist": ["CVE-2008-0008"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n \r\n Mandriva Linux Security Advisory MDVSA-2008:027\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n \r\n Package : pulseaudio\r\n Date : January 25, 2008\r\n Affected: 2007.1, 2008.0\r\n _______________________________________________________________________\r\n \r\n Problem Description:\r\n \r\n A programming flaw was found in Pulseaudio versions older than 0.9.9,\r\n by which a local user can gain root access, if pulseaudio is installed\r\n as a setuid to root binary, which is the recommended configuration.\r\n \r\n The updated packages fix this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0008\r\n _______________________________________________________________________\r\n \r\n Updated Packages:\r\n \r\n Mandriva Linux 2007.1:\r\n 52f138a98db13ca5eb3d9a37b9b8efe0 2007.1/i586/libpulseaudio0-0.9.5-1.2mdv2007.1.i586.rpm\r\n f48d1b6b61fa0c52406b76c010604f00 2007.1/i586/libpulseaudio0-devel-0.9.5-1.2mdv2007.1.i586.rpm\r\n baa1c32f82d6925d3533c4d848fe0785 2007.1/i586/libpulsecore2-0.9.5-1.2mdv2007.1.i586.rpm\r\n 55bbdfcca0c7809ee8a1e0ddf4b6e15d 2007.1/i586/pulseaudio-0.9.5-1.2mdv2007.1.i586.rpm \r\n 8e833b7c732943d2ef143e35acf2f4e1 2007.1/SRPMS/pulseaudio-0.9.5-1.2mdv2007.1.src.rpm\r\n\r\n Mandriva Linux 2007.1/X86_64:\r\n 25a669614bfe39badacd0e9c9adaa0ab 2007.1/x86_64/lib64pulseaudio0-0.9.5-1.2mdv2007.1.x86_64.rpm\r\n f93980d7641d4aafd0f51b83a665d9c3 2007.1/x86_64/lib64pulseaudio0-devel-0.9.5-1.2mdv2007.1.x86_64.rpm\r\n 0f1442574974705cb4508432c5d2a958 2007.1/x86_64/lib64pulsecore2-0.9.5-1.2mdv2007.1.x86_64.rpm\r\n 96f6df3186f6622e68178fc238a8396f 2007.1/x86_64/pulseaudio-0.9.5-1.2mdv2007.1.x86_64.rpm \r\n 8e833b7c732943d2ef143e35acf2f4e1 2007.1/SRPMS/pulseaudio-0.9.5-1.2mdv2007.1.src.rpm\r\n\r\n Mandriva Linux 2008.0:\r\n 47d86f290ace043d9afff832167fd4e9 2008.0/i586/libpulseaudio0-0.9.6-3.2mdv2008.0.i586.rpm\r\n 1b8bdf5f12c0b49700f99fa548af8097 2008.0/i586/libpulseaudio0-devel-0.9.6-3.2mdv2008.0.i586.rpm\r\n 0da7faa98ccb33abf6ab01be9196532a 2008.0/i586/libpulsecore3-0.9.6-3.2mdv2008.0.i586.rpm\r\n 134fdecb71eb1a9486be1fb50f2a9dd1 2008.0/i586/pulseaudio-0.9.6-3.2mdv2008.0.i586.rpm \r\n ec9296a94a1f5ddb68f07e1188ed6fbd 2008.0/SRPMS/pulseaudio-0.9.6-3.2mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n 32b199e39787b69263fb4ad12fc406f2 2008.0/x86_64/lib64pulseaudio0-0.9.6-3.2mdv2008.0.x86_64.rpm\r\n 290bc9b8b5088dc34dcb4bc759de0674 2008.0/x86_64/lib64pulseaudio0-devel-0.9.6-3.2mdv2008.0.x86_64.rpm\r\n 1156bbd6a875bfe3039dd4a4c0bbd7c3 2008.0/x86_64/lib64pulsecore3-0.9.6-3.2mdv2008.0.x86_64.rpm\r\n 2e4058e6aa6b0c87340e71b491f3f494 2008.0/x86_64/pulseaudio-0.9.6-3.2mdv2008.0.x86_64.rpm \r\n ec9296a94a1f5ddb68f07e1188ed6fbd 2008.0/SRPMS/pulseaudio-0.9.6-3.2mdv2008.0.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.8 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFHmlCKmqjQ0CJFipgRApSzAJ98ybCvdBytqs44lj4rhDhjNLeWjwCeObM6\r\nYuDhSanGTkSC5wxyBN23m0k=\r\n=CYxH\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2008-01-27T00:00:00", "published": "2008-01-27T00:00:00", "id": "SECURITYVULNS:DOC:18958", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18958", "title": "[ MDVSA-2008:027 ] - Updated pulseaudio packages fix local root vulnerability", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0008"], "description": "PulseAudio is a sound server for Linux and other Unix like operating systems. It is intended to be an improved drop-in replacement for the Enlightened Sound Daemon (ESOUND). ", "modified": "2008-01-24T22:02:07", "published": "2008-01-24T22:02:07", "id": "FEDORA:M0OM23WS022661", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: pulseaudio-0.9.6-2.fc7.1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-06T09:44:55", "description": "Marcus Meissner discovered that the PulseAudio sound server performed\ninsufficient checks when dropping privileges, which could lead to\nlocal privilege escalation.", "edition": 26, "published": "2008-01-29T00:00:00", "title": "Debian DSA-1476-1 : pulseaudio - programming error", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0008"], "modified": "2008-01-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:pulseaudio"], "id": "DEBIAN_DSA-1476.NASL", "href": "https://www.tenable.com/plugins/nessus/30111", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1476. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30111);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-0008\");\n script_xref(name:\"DSA\", value:\"1476\");\n\n script_name(english:\"Debian DSA-1476-1 : pulseaudio - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Marcus Meissner discovered that the PulseAudio sound server performed\ninsufficient checks when dropping privileges, which could lead to\nlocal privilege escalation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1476\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the pulseaudio packages.\n\nThe old stable distribution (sarge) doesn't contain pulseaudio.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 0.9.5-5etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pulseaudio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libpulse-browse0\", reference:\"0.9.5-5etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libpulse-dev\", reference:\"0.9.5-5etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libpulse-mainloop-glib0\", reference:\"0.9.5-5etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libpulse0\", reference:\"0.9.5-5etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"pulseaudio\", reference:\"0.9.5-5etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"pulseaudio-esound-compat\", reference:\"0.9.5-5etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"pulseaudio-module-gconf\", reference:\"0.9.5-5etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"pulseaudio-module-hal\", reference:\"0.9.5-5etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"pulseaudio-module-jack\", reference:\"0.9.5-5etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"pulseaudio-module-lirc\", reference:\"0.9.5-5etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"pulseaudio-module-x11\", reference:\"0.9.5-5etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"pulseaudio-module-zeroconf\", reference:\"0.9.5-5etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"pulseaudio-utils\", reference:\"0.9.5-5etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:51:49", "description": "A programming flaw was found in Pulseaudio versions older than 0.9.9,\nby which a local user can gain root access, if pulseaudio is installed\nas a setuid to root binary, which is the recommended configuration.\n\nThe updated packages fix this issue.", "edition": 24, "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : pulseaudio (MDVSA-2008:027)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0008"], "modified": "2009-04-23T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libpulseaudio0-devel", "p-cpe:/a:mandriva:linux:pulseaudio", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:lib64pulsecore2", "p-cpe:/a:mandriva:linux:libpulseaudio0", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:lib64pulseaudio0", "p-cpe:/a:mandriva:linux:libpulsecore2", "p-cpe:/a:mandriva:linux:libpulsecore3", "p-cpe:/a:mandriva:linux:lib64pulsecore3", "p-cpe:/a:mandriva:linux:lib64pulseaudio0-devel"], "id": "MANDRIVA_MDVSA-2008-027.NASL", "href": "https://www.tenable.com/plugins/nessus/37092", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:027. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37092);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0008\");\n script_xref(name:\"MDVSA\", value:\"2008:027\");\n\n script_name(english:\"Mandriva Linux Security Advisory : pulseaudio (MDVSA-2008:027)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A programming flaw was found in Pulseaudio versions older than 0.9.9,\nby which a local user can gain root access, if pulseaudio is installed\nas a setuid to root binary, which is the recommended configuration.\n\nThe updated packages fix this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pulseaudio0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pulseaudio0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pulsecore2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pulsecore3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpulseaudio0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpulseaudio0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpulsecore2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpulsecore3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pulseaudio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64pulseaudio0-0.9.5-1.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64pulseaudio0-devel-0.9.5-1.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64pulsecore2-0.9.5-1.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libpulseaudio0-0.9.5-1.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libpulseaudio0-devel-0.9.5-1.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libpulsecore2-0.9.5-1.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"pulseaudio-0.9.5-1.2mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64pulseaudio0-0.9.6-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64pulseaudio0-devel-0.9.6-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64pulsecore3-0.9.6-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libpulseaudio0-0.9.6-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libpulseaudio0-devel-0.9.6-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libpulsecore3-0.9.6-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pulseaudio-0.9.6-3.2mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:52:19", "description": "The remote host is affected by the vulnerability described in GLSA-200802-07\n(Pulseaudio: Privilege escalation)\n\n Marcus Meissner from SUSE reported that the pa_drop_root() function\n does not properly check the return value of the system calls setuid(),\n seteuid(), setresuid() and setreuid() when dropping its privileges.\n \nImpact :\n\n A local attacker could cause a resource exhaustion to make the system\n calls fail, which would cause Pulseaudio to run as root. The attacker\n could then perform actions with root privileges.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2008-02-14T00:00:00", "title": "GLSA-200802-07 : Pulseaudio: Privilege escalation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0008"], "modified": "2008-02-14T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:pulseaudio"], "id": "GENTOO_GLSA-200802-07.NASL", "href": "https://www.tenable.com/plugins/nessus/31085", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200802-07.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31085);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0008\");\n script_xref(name:\"GLSA\", value:\"200802-07\");\n\n script_name(english:\"GLSA-200802-07 : Pulseaudio: Privilege escalation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200802-07\n(Pulseaudio: Privilege escalation)\n\n Marcus Meissner from SUSE reported that the pa_drop_root() function\n does not properly check the return value of the system calls setuid(),\n seteuid(), setresuid() and setreuid() when dropping its privileges.\n \nImpact :\n\n A local attacker could cause a resource exhaustion to make the system\n calls fail, which would cause Pulseaudio to run as root. The attacker\n could then perform actions with root privileges.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200802-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Pulseaudio users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-sound/pulseaudio-0.9.9'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:pulseaudio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-sound/pulseaudio\", unaffected:make_list(\"ge 0.9.9\"), vulnerable:make_list(\"lt 0.9.9\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Pulseaudio\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:18", "description": " - Wed Jan 23 2008 Lubomir Kundrak <lkundrak at redhat.com>\n 0.9.8-5\n\n - Fix CVE-2008-0008 security issue (#425481)\n\n - Sun Jan 13 2008 Lubomir Kundrak <lkundrak at\n redhat.com> 0.9.8-4.1\n\n - Actually add content to\n pulseaudio-0.9.8-create-dot-pulse.patch\n\n - Make the Source0 tag point to URL instead of a local\n file\n\n - Drop the nochown patch; it's not applied at all and no\n longer needed\n\n - Thu Nov 29 2007 Lennart Poettering <lpoetter at\n redhat.com> 0.9.8-4\n\n - add missing dependency on pulseaudio-utils for\n pulseaudio-module-x11\n\n - Thu Nov 29 2007 Lennart Poettering <lpoetter at\n redhat.com> 0.9.8-3\n\n - Create ~/.pulse/ if non-existent\n\n - Thu Nov 29 2007 Lennart Poettering <lpoetter at\n redhat.com> 0.9.8-2\n\n - Add missing dependency on\n jack-audio-connection-kit-devel\n\n - Wed Nov 28 2007 Lennart Poettering <lpoetter at\n redhat.com> 0.9.8-1\n\n - Upgrade to current upstream\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2008-01-27T00:00:00", "title": "Fedora 8 : pulseaudio-0.9.8-5.fc8 (2008-0963)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0008"], "modified": "2008-01-27T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pulseaudio-libs", "p-cpe:/a:fedoraproject:fedora:pulseaudio-module-gconf", "p-cpe:/a:fedoraproject:fedora:pulseaudio-module-lirc", "p-cpe:/a:fedoraproject:fedora:pulseaudio", "cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:pulseaudio-libs-glib2", "p-cpe:/a:fedoraproject:fedora:pulseaudio-module-bluetooth", "p-cpe:/a:fedoraproject:fedora:pulseaudio-libs-zeroconf", "p-cpe:/a:fedoraproject:fedora:pulseaudio-utils", "p-cpe:/a:fedoraproject:fedora:pulseaudio-module-zeroconf", "p-cpe:/a:fedoraproject:fedora:pulseaudio-module-jack", "p-cpe:/a:fedoraproject:fedora:pulseaudio-debuginfo", "p-cpe:/a:fedoraproject:fedora:pulseaudio-esound-compat", "p-cpe:/a:fedoraproject:fedora:pulseaudio-libs-devel", "p-cpe:/a:fedoraproject:fedora:pulseaudio-module-x11", "p-cpe:/a:fedoraproject:fedora:pulseaudio-core-libs"], "id": "FEDORA_2008-0963.NASL", "href": "https://www.tenable.com/plugins/nessus/30084", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-0963.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30084);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0008\");\n script_xref(name:\"FEDORA\", value:\"2008-0963\");\n\n script_name(english:\"Fedora 8 : pulseaudio-0.9.8-5.fc8 (2008-0963)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Wed Jan 23 2008 Lubomir Kundrak <lkundrak at redhat.com>\n 0.9.8-5\n\n - Fix CVE-2008-0008 security issue (#425481)\n\n - Sun Jan 13 2008 Lubomir Kundrak <lkundrak at\n redhat.com> 0.9.8-4.1\n\n - Actually add content to\n pulseaudio-0.9.8-create-dot-pulse.patch\n\n - Make the Source0 tag point to URL instead of a local\n file\n\n - Drop the nochown patch; it's not applied at all and no\n longer needed\n\n - Thu Nov 29 2007 Lennart Poettering <lpoetter at\n redhat.com> 0.9.8-4\n\n - add missing dependency on pulseaudio-utils for\n pulseaudio-module-x11\n\n - Thu Nov 29 2007 Lennart Poettering <lpoetter at\n redhat.com> 0.9.8-3\n\n - Create ~/.pulse/ if non-existent\n\n - Thu Nov 29 2007 Lennart Poettering <lpoetter at\n redhat.com> 0.9.8-2\n\n - Add missing dependency on\n jack-audio-connection-kit-devel\n\n - Wed Nov 28 2007 Lennart Poettering <lpoetter at\n redhat.com> 0.9.8-1\n\n - Upgrade to current upstream\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=425481\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-January/007205.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3872f747\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-core-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-esound-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-libs-glib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-libs-zeroconf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-module-bluetooth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-module-gconf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-module-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-module-lirc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-module-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-module-zeroconf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"pulseaudio-0.9.8-5.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"pulseaudio-core-libs-0.9.8-5.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"pulseaudio-debuginfo-0.9.8-5.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"pulseaudio-esound-compat-0.9.8-5.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"pulseaudio-libs-0.9.8-5.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"pulseaudio-libs-devel-0.9.8-5.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"pulseaudio-libs-glib2-0.9.8-5.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"pulseaudio-libs-zeroconf-0.9.8-5.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"pulseaudio-module-bluetooth-0.9.8-5.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"pulseaudio-module-gconf-0.9.8-5.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"pulseaudio-module-jack-0.9.8-5.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"pulseaudio-module-lirc-0.9.8-5.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"pulseaudio-module-x11-0.9.8-5.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"pulseaudio-module-zeroconf-0.9.8-5.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"pulseaudio-utils-0.9.8-5.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pulseaudio / pulseaudio-core-libs / pulseaudio-debuginfo / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:18", "description": " - Wed Jan 23 2008 Lubomir Kundrak <lkundrak at redhat.com>\n 0.9.6-2.1\n\n - Fix CVE-2008-0008 security issue (#425481)\n\n - Tue May 29 2007 Pierre Ossman <drzeus at drzeus.cx>\n 0.9.6-2\n\n - Add libatomic_ops-devel as a build requirement.\n\n - Tue May 29 2007 Pierre Ossman <drzeus at drzeus.cx>\n 0.9.6-1\n\n - Upgrade to 0.9.6.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2008-01-27T00:00:00", "title": "Fedora 7 : pulseaudio-0.9.6-2.fc7.1 (2008-0994)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0008"], "modified": "2008-01-27T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pulseaudio-lib", "p-cpe:/a:fedoraproject:fedora:pulseaudio-module-gconf", "cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:pulseaudio-lib-devel", "p-cpe:/a:fedoraproject:fedora:pulseaudio-lib-glib2", "p-cpe:/a:fedoraproject:fedora:pulseaudio-module-lirc", "p-cpe:/a:fedoraproject:fedora:pulseaudio", "p-cpe:/a:fedoraproject:fedora:pulseaudio-utils", "p-cpe:/a:fedoraproject:fedora:pulseaudio-module-zeroconf", "p-cpe:/a:fedoraproject:fedora:pulseaudio-module-jack", "p-cpe:/a:fedoraproject:fedora:pulseaudio-lib-zeroconf", "p-cpe:/a:fedoraproject:fedora:pulseaudio-devel", "p-cpe:/a:fedoraproject:fedora:pulseaudio-debuginfo", "p-cpe:/a:fedoraproject:fedora:pulseaudio-esound-compat", "p-cpe:/a:fedoraproject:fedora:pulseaudio-module-x11"], "id": "FEDORA_2008-0994.NASL", "href": "https://www.tenable.com/plugins/nessus/30085", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-0994.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30085);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0008\");\n script_xref(name:\"FEDORA\", value:\"2008-0994\");\n\n script_name(english:\"Fedora 7 : pulseaudio-0.9.6-2.fc7.1 (2008-0994)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Wed Jan 23 2008 Lubomir Kundrak <lkundrak at redhat.com>\n 0.9.6-2.1\n\n - Fix CVE-2008-0008 security issue (#425481)\n\n - Tue May 29 2007 Pierre Ossman <drzeus at drzeus.cx>\n 0.9.6-2\n\n - Add libatomic_ops-devel as a build requirement.\n\n - Tue May 29 2007 Pierre Ossman <drzeus at drzeus.cx>\n 0.9.6-1\n\n - Upgrade to 0.9.6.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=425481\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-January/007222.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e76b76dc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-esound-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-lib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-lib-glib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-lib-zeroconf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-module-gconf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-module-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-module-lirc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-module-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-module-zeroconf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pulseaudio-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"pulseaudio-0.9.6-2.fc7.1\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"pulseaudio-debuginfo-0.9.6-2.fc7.1\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"pulseaudio-devel-0.9.6-2.fc7.1\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"pulseaudio-esound-compat-0.9.6-2.fc7.1\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"pulseaudio-lib-0.9.6-2.fc7.1\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"pulseaudio-lib-devel-0.9.6-2.fc7.1\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"pulseaudio-lib-glib2-0.9.6-2.fc7.1\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"pulseaudio-lib-zeroconf-0.9.6-2.fc7.1\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"pulseaudio-module-gconf-0.9.6-2.fc7.1\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"pulseaudio-module-jack-0.9.6-2.fc7.1\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"pulseaudio-module-lirc-0.9.6-2.fc7.1\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"pulseaudio-module-x11-0.9.6-2.fc7.1\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"pulseaudio-module-zeroconf-0.9.6-2.fc7.1\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"pulseaudio-utils-0.9.6-2.fc7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pulseaudio / pulseaudio-debuginfo / pulseaudio-devel / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:44:08", "description": "It was discovered that PulseAudio did not properly drop privileges\nwhen running as a daemon. Local users may be able to exploit this and\ngain privileges. The default Ubuntu configuration is not affected.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2008-02-01T00:00:00", "title": "Ubuntu 7.04 / 7.10 : pulseaudio vulnerability (USN-573-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0008"], "modified": "2008-02-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:7.10", "p-cpe:/a:canonical:ubuntu_linux:libpulse-mainloop-glib0", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-esound-compat", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-hal", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-x11", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-gconf", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-zeroconf", "p-cpe:/a:canonical:ubuntu_linux:libpulse-browse0", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-lirc", "p-cpe:/a:canonical:ubuntu_linux:pulseaudio-utils", "p-cpe:/a:canonical:ubuntu_linux:libpulse-dev", "p-cpe:/a:canonical:ubuntu_linux:libpulse0", "cpe:/o:canonical:ubuntu_linux:7.04"], "id": "UBUNTU_USN-573-1.NASL", "href": "https://www.tenable.com/plugins/nessus/30147", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-573-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30147);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-0008\");\n script_xref(name:\"USN\", value:\"573-1\");\n\n script_name(english:\"Ubuntu 7.04 / 7.10 : pulseaudio vulnerability (USN-573-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that PulseAudio did not properly drop privileges\nwhen running as a daemon. Local users may be able to exploit this and\ngain privileges. The default Ubuntu configuration is not affected.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/573-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpulse-browse0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpulse-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpulse-mainloop-glib0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpulse0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-esound-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-gconf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-hal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-lirc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-module-zeroconf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pulseaudio-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(7\\.04|7\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 7.04 / 7.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libpulse-browse0\", pkgver:\"0.9.5-5ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libpulse-dev\", pkgver:\"0.9.5-5ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libpulse-mainloop-glib0\", pkgver:\"0.9.5-5ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libpulse0\", pkgver:\"0.9.5-5ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"pulseaudio\", pkgver:\"0.9.5-5ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"pulseaudio-esound-compat\", pkgver:\"0.9.5-5ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"pulseaudio-module-gconf\", pkgver:\"0.9.5-5ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"pulseaudio-module-hal\", pkgver:\"0.9.5-5ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"pulseaudio-module-lirc\", pkgver:\"0.9.5-5ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"pulseaudio-module-x11\", pkgver:\"0.9.5-5ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"pulseaudio-module-zeroconf\", pkgver:\"0.9.5-5ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"pulseaudio-utils\", pkgver:\"0.9.5-5ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libpulse-browse0\", pkgver:\"0.9.6-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libpulse-dev\", pkgver:\"0.9.6-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libpulse-mainloop-glib0\", pkgver:\"0.9.6-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libpulse0\", pkgver:\"0.9.6-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"pulseaudio\", pkgver:\"0.9.6-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"pulseaudio-esound-compat\", pkgver:\"0.9.6-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"pulseaudio-module-gconf\", pkgver:\"0.9.6-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"pulseaudio-module-hal\", pkgver:\"0.9.6-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"pulseaudio-module-lirc\", pkgver:\"0.9.6-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"pulseaudio-module-x11\", pkgver:\"0.9.6-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"pulseaudio-module-zeroconf\", pkgver:\"0.9.6-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"pulseaudio-utils\", pkgver:\"0.9.6-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpulse-browse0 / libpulse-dev / libpulse-mainloop-glib0 / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:28:19", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0008"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1476-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 27, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : pulseaudio\nVulnerability : programming error\nProblem type : local\nDebian-specific: no\nCVE Id(s) : CVE-2008-0008\n\nMarcus Meissner discovered that the PulseAudio sound server performed\ninsufficent checks when dropping privileges, which could lead to local\nprivilege escalation.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 0.9.5-5etch1.\n\nThe old stable distribution (sarge) doesn&#x27;t contain pulseaudio.\n\nWe recommend that you upgrade your pulseaudio packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1.dsc\n Size/MD5 checksum: 1233 b34fa2bde59f7573cd7d98e4a4fd3bbb\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1.diff.gz\n Size/MD5 checksum: 13795 1e33e53f8b7039660703b69e540c3134\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_alpha.deb\n Size/MD5 checksum: 26246 26ac18428582ba9bddaa068dac554ef3\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_alpha.deb\n Size/MD5 checksum: 12124 be7c5020f14ab1d4d42c25971a9cd3d5\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_alpha.deb\n Size/MD5 checksum: 51694 96bf106f9eaa2b2886f232b67640459c\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_alpha.deb\n Size/MD5 checksum: 104558 569dbf3b38743366faf06614190b8ae3\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_alpha.deb\n Size/MD5 checksum: 234580 b63b7003e66b575b3a1bc8f01586f2a8\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_alpha.deb\n Size/MD5 checksum: 13292 1d13960e7259bcad75f1982de28b499c\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_alpha.deb\n Size/MD5 checksum: 14994 99dc8bdcdf59d406bcc04848636b9137\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_alpha.deb\n Size/MD5 checksum: 14112 98f49ae5f1450f6ba083cf8da8181b39\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_alpha.deb\n Size/MD5 checksum: 10326 7348c8cf21069977254cb2396f5d116b\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_alpha.deb\n Size/MD5 checksum: 8480 5a10c706a46cef310605427e0bd07c70\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_alpha.deb\n Size/MD5 checksum: 333462 27bbb8db2410e576cb62ff19ef3e3303\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_alpha.deb\n Size/MD5 checksum: 14080 aacb5a84922cec35b9fecab4e67cb931\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_alpha.deb\n Size/MD5 checksum: 10140 c7d693e9c7386de3cf3e8110a47c79b2\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_amd64.deb\n Size/MD5 checksum: 13826 578fd8db92fbe7e3de290485ff95e303\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_amd64.deb\n Size/MD5 checksum: 49936 b3f6ddebe15fca4168ce83776dde3f01\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_amd64.deb\n Size/MD5 checksum: 11710 6553e8f4e1f9961cda0442e41f1947a1\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_amd64.deb\n Size/MD5 checksum: 10638 daf963fde23467906c0106d9e1418785\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_amd64.deb\n Size/MD5 checksum: 13504 1dd34b9d03e8dd2c3a52d2aac14db451\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_amd64.deb\n Size/MD5 checksum: 26506 2ea8fee1df14bc165652b9a21929a9ae\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_amd64.deb\n Size/MD5 checksum: 10472 c7a35c424c2e727097583c615d1b94d5\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_amd64.deb\n Size/MD5 checksum: 179602 a78b117537b5127dd963b22357666af2\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_amd64.deb\n Size/MD5 checksum: 8272 2cf3ec52c708269d7cbc31f88ac2d80b\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_amd64.deb\n Size/MD5 checksum: 331246 d2110a116bcea0aab87f6bfca7dea46e\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_amd64.deb\n Size/MD5 checksum: 13964 76e40243bbcbdc5291b7c34e6c22bea6\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_amd64.deb\n Size/MD5 checksum: 14854 480a6e8e58773afb43831ac3feeead52\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_amd64.deb\n Size/MD5 checksum: 107352 0a4f8784469c13aae47e4345b9c437e0\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_arm.deb\n Size/MD5 checksum: 11048 a0d20bf2035a5bd5dd619687e66a9c8a\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_arm.deb\n Size/MD5 checksum: 93116 098eff163b4a8ad8d27c3ce29ca16923\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_arm.deb\n Size/MD5 checksum: 10814 9362f403a530a83777159a1bcf93e183\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_arm.deb\n Size/MD5 checksum: 12310 f1aac2d54b5173dea44885d7750e097e\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_arm.deb\n Size/MD5 checksum: 12226 8c54d4d198375dd9a3c3287d37877e41\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_arm.deb\n Size/MD5 checksum: 13814 f27fbb2ba7902c287c9bbd48d5079d7e\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_arm.deb\n Size/MD5 checksum: 9590 2646570ddfb1d93a9910664dd4613f16\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_arm.deb\n Size/MD5 checksum: 290400 7f952e628a10a367c844466b7618901c\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_arm.deb\n Size/MD5 checksum: 12862 095d6627a244b6d7aa5a75c04b176add\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_arm.deb\n Size/MD5 checksum: 46234 e85a1d154ff40302d3e0be940132add7\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_arm.deb\n Size/MD5 checksum: 23806 f04c556c74b6454a64ee06785258b489\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_arm.deb\n Size/MD5 checksum: 7922 1c290875056f6a7946705fdbf2c90d51\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_arm.deb\n Size/MD5 checksum: 158780 f0c89a4019d3e18a3b80f3268db4d882\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_hppa.deb\n Size/MD5 checksum: 111242 54c36a80ae9bed189575e3aaf2c95608\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_hppa.deb\n Size/MD5 checksum: 11084 62d1f5ab6377cccf2803a1738ff0ac05\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_hppa.deb\n Size/MD5 checksum: 54510 1be7659e6bc6515b1a76b711fa246437\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_hppa.deb\n Size/MD5 checksum: 14728 1562e6d7751ed10a82938df9708b3929\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_hppa.deb\n Size/MD5 checksum: 8838 ab60a2d0d3f94f5480a03973e2da1b65\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_hppa.deb\n Size/MD5 checksum: 15730 82d69961f22dc85448dbf71e32e4dbab\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_hppa.deb\n Size/MD5 checksum: 198326 7075968157e3ba2cfaeb4685071e779e\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_hppa.deb\n Size/MD5 checksum: 14188 7b5af25ab5157987096e8c76a98f94e5\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_hppa.deb\n Size/MD5 checksum: 14338 387c480faaafe23c7d27df937540b1a9\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_hppa.deb\n Size/MD5 checksum: 27416 a425644bb55eb172e7bbd650278e5fb5\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_hppa.deb\n Size/MD5 checksum: 12650 8db7161b902ae31b089b319333ec6ad4\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_hppa.deb\n Size/MD5 checksum: 341878 85c3887e6a81c5fee2b5621f285f8c5e\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_hppa.deb\n Size/MD5 checksum: 12416 7a006bbaee890fc9f99c2eda4cffa612\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_i386.deb\n Size/MD5 checksum: 291984 32898413c48b4d49a22bd051c4212f3f\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_i386.deb\n Size/MD5 checksum: 12766 61b203e2237645276801db7e8ee72531\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_i386.deb\n Size/MD5 checksum: 8042 1a9b20dfb185843d73db6810ae895fc2\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_i386.deb\n Size/MD5 checksum: 9872 26193c70cb04f3952a31749c4dfaa552\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_i386.deb\n Size/MD5 checksum: 47566 97462f144fe0a656eba26a30ddfe3678\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_i386.deb\n Size/MD5 checksum: 12780 d3bec4695f2c1db67d5d87ef0b1e1f9e\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_i386.deb\n Size/MD5 checksum: 98194 bad5b868a0208e9c9df50e3a1a6a791e\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_i386.deb\n Size/MD5 checksum: 12560 51658e134d4f3b6d6c8a493854e327f0\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_i386.deb\n Size/MD5 checksum: 10146 3165b1384d15df98ccbf4a35107cc93e\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_i386.deb\n Size/MD5 checksum: 11298 bd022b089360cd5ba98a7a03e4ce8c91\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_i386.deb\n Size/MD5 checksum: 161382 5a0e2b280c74f8a7962aa73b6c8eec30\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_i386.deb\n Size/MD5 checksum: 13884 8f0faed0aea194deeaa3f040713e3c6e\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_i386.deb\n Size/MD5 checksum: 24544 a40262f58ad280ae689913380adee18f\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_ia64.deb\n Size/MD5 checksum: 17348 141ef04b628426bb5e30ee429a35b6d3\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_ia64.deb\n Size/MD5 checksum: 16380 a2b13cc815e269e73650cfd60fc7b7e9\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_ia64.deb\n Size/MD5 checksum: 139466 497653203b1893715352d817f8dbb0ed\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_ia64.deb\n Size/MD5 checksum: 13962 2302eb79bf36a48a3718ffcff220f0fa\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_ia64.deb\n Size/MD5 checksum: 71274 801f77ce5d813d940a420a43c47a5024\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_ia64.deb\n Size/MD5 checksum: 12704 657041da30c3161864288c49e4f0bf5c\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_ia64.deb\n Size/MD5 checksum: 9552 9a90052fb92e1d2f65b51a72c36c609d\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_ia64.deb\n Size/MD5 checksum: 33080 a4941a97f2b0fc3244cac0150ed32b35\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_ia64.deb\n Size/MD5 checksum: 12608 890dfdcd017c734181896a864acc52ed\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_ia64.deb\n Size/MD5 checksum: 15820 6e92859fff30f611d9670e051f915fe1\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_ia64.deb\n Size/MD5 checksum: 16432 de732fe14a9358ba4dccfb60827ceb6c\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_ia64.deb\n Size/MD5 checksum: 423326 2c6367ce7c652556b675eb6bb7e46123\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_ia64.deb\n Size/MD5 checksum: 246556 1894a9180f68abdf21ae96b908d9b0d0\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_mips.deb\n Size/MD5 checksum: 91420 8057beaf4e3f2c25971ee56bc2b797a9\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_mips.deb\n Size/MD5 checksum: 12906 53ceb42f6d0bd240c9ec231f92eef2b6\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_mips.deb\n Size/MD5 checksum: 12318 846be755612e2d8ee864721585e80ce5\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_mips.deb\n Size/MD5 checksum: 8150 344a7db0984ded84cb4506094d6e3ad9\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_mips.deb\n Size/MD5 checksum: 13934 a560804aa6cfa5dedd1ca18f801334f2\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_mips.deb\n Size/MD5 checksum: 47706 d8408325b113b70059f12c0bd3b51e2a\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_mips.deb\n Size/MD5 checksum: 10458 284ba26c3970616cf807ee1ae0c5af8a\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_mips.deb\n Size/MD5 checksum: 24154 3a357eb463de655206e1b91d595b770b\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_mips.deb\n Size/MD5 checksum: 12398 d816087eafa8817c433ad7cfc986a195\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_mips.deb\n Size/MD5 checksum: 9704 ee1c60f17ae2722268cc0e16b92492f3\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_mips.deb\n Size/MD5 checksum: 283546 84617d1c69662db1a8ccc0d726c54efa\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_mips.deb\n Size/MD5 checksum: 195526 971a39fd64d1a238800768dac0adcfcc\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_mips.deb\n Size/MD5 checksum: 11616 583e54c6b4b46448a517516a98c8a1d3\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_mipsel.deb\n Size/MD5 checksum: 286058 c544f0b84472f06a0bb1a9168d97172a\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_mipsel.deb\n Size/MD5 checksum: 8140 fbc6b74842aee1cb8ce02d4a04449147\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_mipsel.deb\n Size/MD5 checksum: 12338 0c9a3e6e923a64b63d93fe7144ee71a5\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_mipsel.deb\n Size/MD5 checksum: 12924 2f448ce1f1f3efaac7ad331c0a0a7675\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_mipsel.deb\n Size/MD5 checksum: 93150 3773f063ebacc40610eae6a87efb9635\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_mipsel.deb\n Size/MD5 checksum: 11640 867c37100d6d3d599cb0087154e695e7\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_mipsel.deb\n Size/MD5 checksum: 197852 8d0751903f32ac85d79f7c7079bd538c\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_mipsel.deb\n Size/MD5 checksum: 10470 ffe9677a8876bd79c9a90b68fc9e83ed\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_mipsel.deb\n Size/MD5 checksum: 9752 97b0505e6f8be78d588419bfa983a5ca\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_mipsel.deb\n Size/MD5 checksum: 47858 3d156b29744730cfdf580492409ed18e\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_mipsel.deb\n Size/MD5 checksum: 13948 a23f635d74e3fd6a161259cc8d7aff0d\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_mipsel.deb\n Size/MD5 checksum: 24258 7a82a47f649cde4bc30ffeb7851f6ca6\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_mipsel.deb\n Size/MD5 checksum: 12328 12bc5183aeb0556c6cfd93f0ef9cf35e\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_powerpc.deb\n Size/MD5 checksum: 18728 33bd26b58a6a3236a9fad6d5e8cbbea7\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_powerpc.deb\n Size/MD5 checksum: 15326 945c8fe4ba486a3d1f5fb8a10313ba57\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_powerpc.deb\n Size/MD5 checksum: 12188 2da2a35d12e9d7de560a510d176539d5\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_powerpc.deb\n Size/MD5 checksum: 13976 2779cefd3e1d9dd52298e3488a43448a\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_powerpc.deb\n Size/MD5 checksum: 11614 6bc10d2d0eb9ca8f550711edca6423d8\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_powerpc.deb\n Size/MD5 checksum: 15284 491eaa3c20d0959cdd04641656d8addf\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_powerpc.deb\n Size/MD5 checksum: 354844 c31fea45dc96160c13a7b66a060d634a\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_powerpc.deb\n Size/MD5 checksum: 15502 bcd70972964cfa86110bee9a6a1505ef\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_powerpc.deb\n Size/MD5 checksum: 101802 a18a6537d5d713bd0558c8f0ad249c9e\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_powerpc.deb\n Size/MD5 checksum: 55646 0f750ad4ac8dda19e0bc3040c04c8f7c\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_powerpc.deb\n Size/MD5 checksum: 30152 5df65eee7d68ceed32fae184b1b9001c\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_powerpc.deb\n Size/MD5 checksum: 9764 cb68e61cd8fb03f1e2d26d0b297967da\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_powerpc.deb\n Size/MD5 checksum: 187752 cf2371d1505f2ee08b609352d22c414a\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_s390.deb\n Size/MD5 checksum: 25942 0c2ce90a506f671b1b522d4d4a323228\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_s390.deb\n Size/MD5 checksum: 14674 49f98c167a3a245dc0b0d3f26a9ebe31\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_s390.deb\n Size/MD5 checksum: 13460 cddc4e03edcd1f8d36dc002df4ef9ea4\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_s390.deb\n Size/MD5 checksum: 12176 0b5766d05c74930f8a044c3ce084ec9f\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_s390.deb\n Size/MD5 checksum: 14342 88b09e20ae652b177db0f0f61c461d88\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_s390.deb\n Size/MD5 checksum: 10446 61a44b460b10abc4b8e73ef80bac346b\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_s390.deb\n Size/MD5 checksum: 51378 203a15cd5e5a77e776c5ecb6543e21a7\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_s390.deb\n Size/MD5 checksum: 109096 8a14dddddc305e862f5a007ef2f5aa24\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_s390.deb\n Size/MD5 checksum: 8372 e638b65b2635e101382e890499505b10\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_s390.deb\n Size/MD5 checksum: 320758 f85d3f4c8ce42e174e1ee1e83f7b018e\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_s390.deb\n Size/MD5 checksum: 11712 c00a2198e2f3382b9b59ea542d1a2a69\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_s390.deb\n Size/MD5 checksum: 13680 b32fad1ac9c06537e7a812a8c4e15172\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_s390.deb\n Size/MD5 checksum: 175992 28ebd7f09cd900444761111a781e0609\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_sparc.deb\n Size/MD5 checksum: 10024 2e222ba1fe2dd6a2012c557c3817c9b7\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_sparc.deb\n Size/MD5 checksum: 8104 fbbeb078420f51a55700bec7e012aa1a\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_sparc.deb\n Size/MD5 checksum: 11008 9aa3bd323afc84041d44a1df3de60ebf\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_sparc.deb\n Size/MD5 checksum: 171106 864084977173738d1e63517e145fd7c2\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_sparc.deb\n Size/MD5 checksum: 12396 457318a80c8a837b87f60216e9e11f50\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_sparc.deb\n Size/MD5 checksum: 293208 171a90622ce7063eea81abe2dc54e7dd\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_sparc.deb\n Size/MD5 checksum: 9798 2007ca84fe0f3b714a7bb9fb2034c48c\n http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_sparc.deb\n Size/MD5 checksum: 97120 eaa2dd2c767ebe8df597fb148f5a22cf\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_sparc.deb\n Size/MD5 checksum: 13746 730dc0d290eee22bcbed544136bb9d22\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_sparc.deb\n Size/MD5 checksum: 12676 529a011e332137683d4522783a278682\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_sparc.deb\n Size/MD5 checksum: 46048 3bcb521163e5f02dd192a5d55d169e1c\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_sparc.deb\n Size/MD5 checksum: 12460 9551719654ec31880c448a3cd9c7e023\n http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_sparc.deb\n Size/MD5 checksum: 24352 6910ac3dfa461f40cf67a30b9c16c9e7\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "edition": 3, "modified": "2008-01-27T18:16:51", "published": "2008-01-27T18:16:51", "id": "DEBIAN:DSA-1476-1:88A32", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00038.html", "title": "[SECURITY] [DSA 1476-1] New pulseaudio packages fix privilege escalation", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}