PulseAudio: Local privilege escalation

2009-07-16T00:00:00
ID GLSA-200907-13
Type gentoo
Reporter Gentoo Foundation
Modified 2009-07-16T00:00:00

Description

Background

PulseAudio is a network-enabled sound server with an advanced plug-in system.

Description

Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that the pulseaudio binary is installed setuid root, and does not drop privileges before re-executing itself. The vulnerability has independently been reported to oCERT by Yorick Koster.

Impact

A local user who has write access to any directory on the file system containing /usr/bin can exploit this vulnerability using a race condition to execute arbitrary code with root privileges.

Workaround

Ensure that the file system holding /usr/bin does not contain directories that are writable for unprivileged users.

Resolution

All PulseAudio users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-sound/pulseaudio-0.9.9-r54"