ALSA libasound.so Stack Protection Bypass

2005-02-15T12:26:53
ID OSVDB:13854
Type osvdb
Reporter OSVDB
Modified 2005-02-15T12:26:53

Description

Vulnerability Description

Alsa contains a flaw that may allow a malicious user to bypass stack execution protection for the 'libasound.so' library. The issue is triggered when any application is linked to libasound. It is possible that the flaw may allow a local attacker to disable stack execution protection for the linked applications resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue. Some Unix vendors have released patches for their own distributions.

Short Description

Alsa contains a flaw that may allow a malicious user to bypass stack execution protection for the 'libasound.so' library. The issue is triggered when any application is linked to libasound. It is possible that the flaw may allow a local attacker to disable stack execution protection for the linked applications resulting in a loss of integrity.

References:

Vendor URL: http://www.alsa-project.org/ Vendor Specific Advisory URL Security Tracker: 1013187 Keyword: Advanced Linux Sound Architecture CVE-2005-0087