Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200802-07
HistoryFeb 13, 2008 - 12:00 a.m.

Pulseaudio: Privilege escalation

2008-02-1300:00:00
Gentoo Foundation
security.gentoo.org
8

0.0004 Low

EPSS

Percentile

9.7%

JSON

Background

Pulseaudio is a networked sound server with an advanced plugin system.

Description

Marcus Meissner from SUSE reported that the pa_drop_root() function does not properly check the return value of the system calls setuid(), seteuid(), setresuid() and setreuid() when dropping its privileges.

Impact

A local attacker could cause a resource exhaustion to make the system calls fail, which would cause Pulseaudio to run as root. The attacker could then perform actions with root privileges.

Workaround

There is no known workaround at this time.

Resolution

All Pulseaudio users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-sound/pulseaudio-0.9.9"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-sound/pulseaudio< 0.9.9UNKNOWN

Related

nessus 6
openvas 12
debiancve 1
prion 1
fedora 2
securityvulns 2
ubuntu 1
cvelist 1
cve 1
debian 1
ubuntucve 1
nessus
nessus
Fedora 7 : pulseaudio-0.9.6-2.fc7.1 (2008-0994)
2008-01-27 00:00:00
Fedora 8 : pulseaudio-0.9.8-5.fc8 (2008-0963)
2008-01-27 00:00:00
Mandriva Linux Security Advisory : pulseaudio (MDVSA-2008:027)
2009-04-23 00:00:00
openvas
openvas
Fedora Update for pulseaudio FEDORA-2008-0963
2009-02-17 00:00:00
Gentoo Security Advisory GLSA 200802-07 (pulseaudio)
2008-09-24 00:00:00
Mandriva Update for pulseaudio MDVSA-2008:027 (pulseaudio)
2009-04-09 00:00:00
debiancve
debiancve
CVE-2008-0008
2008-01-29 00:00:00
prion
prion
Privilege escalation
2008-01-29 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: pulseaudio-0.9.6-2.fc7.1
2008-01-24 22:02:07
[SECURITY] Fedora 8 Update: pulseaudio-0.9.8-5.fc8
2008-01-24 21:59:33
securityvulns
securityvulns
[ MDVSA-2008:027 ] - Updated pulseaudio packages fix local root vulnerability
2008-01-27 00:00:00
pulseuadio privilege escalation
2008-01-27 00:00:00
ubuntu
ubuntu
PulseAudio vulnerability
2008-01-31 00:00:00
cvelist
cvelist
CVE-2008-0008
2008-01-28 23:00:00
cve
cve
CVE-2008-0008
2008-01-29 00:00:00
debian
debian
[SECURITY] [DSA 1476-1] New pulseaudio packages fix privilege escalation
2008-01-27 18:16:51
ubuntucve
ubuntucve
CVE-2008-0008
2008-01-29 00:00:00

0.0004 Low

EPSS

Percentile

9.7%

JSON
Related for GLSA-200802-07
nessus6openvas12debiancve1prion1fedora2securityvulns2ubuntu1cvelist1cve1debian1ubuntucve1