Metric | Value |
---|---|
CVSS2 score | 7.2 High |
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
EPSS | 0.0004 Low |
EPSS percentile | 0.4% |
PulseAudio is a network-enabled sound server with an advanced plug-in system.
Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that the pulseaudio binary is installed setuid root, and does not drop privileges before re-executing itself. The vulnerability has independently been reported to oCERT by Yorick Koster.
A local user who has write access to any directory on the file system containing /usr/bin can exploit this vulnerability using a race condition to execute arbitrary code with root privileges.
Ensure that the file system holding /usr/bin does not contain directories that are writable by unprivileged users.
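An added example, not part of the advisory: a POSIX shell audit for the workaround above, listing directories on the file system holding /usr/bin that users other than root can write to. The function names, the `--audit` switch and the trusted-UID parameter are assumptions of this example.

```shell
#!/bin/sh
# Audit for the workaround: find directories on the same file system as a
# given path (default /usr/bin) that are writable by unprivileged users.

# fs_root PATH: print the mount point of the file system holding PATH.
# Assumes the mount point contains no whitespace.
fs_root() {
    df -P "$1" | awk 'NR==2 {print $6}'
}

# writable_dirs ROOT [TRUSTED_UID]: list directories under ROOT, without
# crossing into other file systems (-xdev), that are
#   - world-writable (sticky directories such as /tmp included), or
#   - group-writable with a group other than GID 0, or
#   - owned by a user other than TRUSTED_UID (default 0, root).
writable_dirs() {
    find "$1" -xdev -type d \
        \( -perm -0002 -o \( -perm -0020 ! -group 0 \) -o ! -user "${2:-0}" \) \
        -print 2>/dev/null
}

# audit_path_fs PATH: print offending directories; return 1 if any exist,
# 2 if the file system could not be determined, 0 if the workaround holds.
audit_path_fs() {
    root=$(fs_root "$1") || return 2
    [ -n "$root" ] || return 2
    found=$(writable_dirs "$root")
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Run the scan only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_path_fs "${2:-/usr/bin}"
fi
```

Run it as root with `--audit` so that `find` can descend into every directory; any output means the workaround is not in effect on that file system.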
All PulseAudio users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/pulseaudio-0.9.9-r54"
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | media-sound/pulseaudio | < 0.9.9-r54 | UNKNOWN |