Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200907-13
HistoryJul 16, 2009 - 12:00 a.m.

PulseAudio: Local privilege escalation

2009-07-1600:00:00
Gentoo Foundation
security.gentoo.org
19

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

Background

PulseAudio is a network-enabled sound server with an advanced plug-in system.

Description

Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that the pulseaudio binary is installed setuid root, and does not drop privileges before re-executing itself. The vulnerability has independently been reported to oCERT by Yorick Koster.

Impact

A local user who has write access to any directory on the file system containing /usr/bin can exploit this vulnerability using a race condition to execute arbitrary code with root privileges.

Workaround

Ensure that the file system holding /usr/bin does not contain directories that are writable for unprivileged users.

Resolution

All PulseAudio users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-sound/pulseaudio-0.9.9-r54"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-sound/pulseaudio<Β 0.9.9-r54UNKNOWN

Related

nessus 4
debian 1
openvas 10
ubuntucve 2
ubuntu 1
cve 2
debiancve 1
securityvulns 3
prion 2
osv 1
seebug 2
packetstorm 1
exploitpack 1
exploitdb 1
nessus
nessus
GLSA-200907-13 : PulseAudio: Local privilege escalation
2009-07-17 00:00:00
Debian DSA-1838-1 : pulseaudio - privilege escalation
2010-02-24 00:00:00
Mandriva Linux Security Advisory : pulseaudio (MDVSA-2009:152)
2009-07-20 00:00:00
debian
debian
[SECURITY] [DSA 1838-1] New pulseaudio packages fix privilege escalation
2009-07-18 12:18:19
openvas
openvas
Debian: Security Advisory (DSA-1838-1)
2009-07-29 00:00:00
Gentoo Security Advisory GLSA 200907-13 (pulseaudio)
2009-07-29 00:00:00
Mandrake Security Advisory MDVSA-2009:152 (pulseaudio)
2009-07-29 00:00:00
ubuntucve
ubuntucve
CVE-2009-1894
2009-07-17 00:00:00
CVE-2009-1897
2009-07-20 00:00:00
ubuntu
ubuntu
PulseAudio vulnerability
2009-07-16 00:00:00
cve
cve
CVE-2009-1894
2009-07-17 16:30:00
CVE-2009-1897
2009-07-20 17:30:00
debiancve
debiancve
CVE-2009-1894
2009-07-17 16:30:00
securityvulns
securityvulns
PulseAudio race conditions
2009-07-18 00:00:00
PulseAudio local race condition privilege escalation vulnerability
2009-07-18 00:00:00
The GNU C library dynamic linker expands $ORIGIN in setuid library search path
2010-10-24 00:00:00
prion
prion
Race condition
2009-07-17 16:30:00
Null pointer dereference
2009-07-20 17:30:00
osv
osv
pulseaudio - privilege escalation
2009-07-18 00:00:00
seebug
seebug
Linux Kernel tun_chr_pool()ε‡½ζ•°η©ΊζŒ‡ι’ˆεΌ•η”¨ζΌζ΄ž
2009-07-20 00:00:00
GNU C library dynamic linker $ORIGIN expansion Vulnerability
2014-07-01 00:00:00
packetstorm
packetstorm
GNU C Library Dynamic Linker $ORIGIN Expansion Vulnerability
2010-10-19 00:00:00
exploitpack
exploitpack
GNU C library dynamic linker - $ORIGIN Expansion
2010-10-18 00:00:00
exploitdb
exploitdb
GNU C library dynamic linker - &#039;$ORIGIN&#039; Expansion
2010-10-18 00:00:00

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON
Related for GLSA-200907-13
nessus4debian1openvas10ubuntucve2ubuntu1cve2debiancve1securityvulns3prion2osv1seebug2packetstorm1exploitpack1exploitdb1