Back to search
CVE-2008-0008
Published: Jan 28, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
MDVSA-2008:027
vendor-advisory
x_refsource_MANDRIVA
27449
vdb-entry
x_refsource_BID
28623
third-party-advisory
x_refsource_SECUNIA
[pulseaudio-discuss] 20080124 [ANNOUNCE] PulseAudio 0.9.9
mailing-list
x_refsource_MLIST
http://pulseaudio.org/changeset/2100
x_refsource_CONFIRM
ADV-2008-0283
vdb-entry
x_refsource_VUPEN
http://bugs.gentoo.org/show_bug.cgi?id=207214
x_refsource_CONFIRM
DSA-1476
vendor-advisory
x_refsource_DEBIAN
FEDORA-2008-0963
vendor-advisory
x_refsource_FEDORA
https://bugzilla.redhat.com/show_bug.cgi?id=425481
x_refsource_CONFIRM
GLSA-200802-07
vendor-advisory
x_refsource_GENTOO
FEDORA-2008-0994
vendor-advisory
x_refsource_FEDORA
28738
third-party-advisory
x_refsource_SECUNIA
pulseaudio-padroproot-privilege-escalation(39992)
vdb-entry
x_refsource_XF
USN-573-1
vendor-advisory
x_refsource_UBUNTU
28952
third-party-advisory
x_refsource_SECUNIA
28608
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.novell.com/show_bug.cgi?id=347822
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now