Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-1838-1
HistoryJul 18, 2009 - 12:00 a.m.

pulseaudio - privilege escalation

2009-07-1800:00:00
Google
osv.dev
9

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

Tavis Ormandy and Julien Tinnes discovered that the pulseaudio daemon
does not drop privileges before re-executing itself, enabling local
attackers to increase their privileges.

The old stable distribution (etch) is not affected by this issue.

For the stable distribution (lenny), this problem has been fixed in
version 0.9.10-3+lenny1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your pulseaudio packages.

CPENameOperatorVersion
pulseaudioeq0.9.10-3

Related

cve 2
openvas 10
debiancve 1
debian 1
nessus 4
ubuntucve 2
gentoo 1
securityvulns 3
prion 2
ubuntu 1
seebug 2
packetstorm 1
exploitpack 1
exploitdb 1
cve
cve
CVE-2009-1894
2009-07-17 16:30:00
CVE-2009-1897
2009-07-20 17:30:00
openvas
openvas
Mandrake Security Advisory MDVSA-2009:171 (pulseaudio)
2009-08-17 00:00:00
Gentoo Security Advisory GLSA 200907-13 (pulseaudio)
2009-07-29 00:00:00
Debian: Security Advisory (DSA-1838-1)
2009-07-29 00:00:00
debiancve
debiancve
CVE-2009-1894
2009-07-17 16:30:00
debian
debian
[SECURITY] [DSA 1838-1] New pulseaudio packages fix privilege escalation
2009-07-18 12:18:19
nessus
nessus
GLSA-200907-13 : PulseAudio: Local privilege escalation
2009-07-17 00:00:00
Mandriva Linux Security Advisory : pulseaudio (MDVSA-2009:152)
2009-07-20 00:00:00
Ubuntu 8.04 LTS / 8.10 / 9.04 : pulseaudio vulnerability (USN-804-1)
2009-07-17 00:00:00
ubuntucve
ubuntucve
CVE-2009-1894
2009-07-17 00:00:00
CVE-2009-1897
2009-07-20 00:00:00
gentoo
gentoo
PulseAudio: Local privilege escalation
2009-07-16 00:00:00
securityvulns
securityvulns
PulseAudio race conditions
2009-07-18 00:00:00
PulseAudio local race condition privilege escalation vulnerability
2009-07-18 00:00:00
The GNU C library dynamic linker expands $ORIGIN in setuid library search path
2010-10-24 00:00:00
prion
prion
Race condition
2009-07-17 16:30:00
Null pointer dereference
2009-07-20 17:30:00
ubuntu
ubuntu
PulseAudio vulnerability
2009-07-16 00:00:00
seebug
seebug
Linux Kernel tun_chr_pool()函数空指针引用漏洞
2009-07-20 00:00:00
GNU C library dynamic linker $ORIGIN expansion Vulnerability
2014-07-01 00:00:00
packetstorm
packetstorm
GNU C Library Dynamic Linker $ORIGIN Expansion Vulnerability
2010-10-19 00:00:00
exploitpack
exploitpack
GNU C library dynamic linker - $ORIGIN Expansion
2010-10-18 00:00:00
exploitdb
exploitdb
GNU C library dynamic linker - '$ORIGIN' Expansion
2010-10-18 00:00:00

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON
Related for OSV:DSA-1838-1
cve2openvas10debiancve1debian1nessus4ubuntucve2gentoo1securityvulns3prion2ubuntu1seebug2packetstorm1exploitpack1exploitdb1