CVE-2008-0008 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-0008
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-0008

Description: The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/39992 UBUNTU http://www.ubuntu.com/usn/usn-573-1 SAID Secunia Advisory: SA28623 Secunia Advisory: SA28608 Secunia Advisory: SA28738 Secunia Advisory: SA28952 MLIST MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:027 GENTOO http://security.gentoo.org/glsa/glsa-200802-07.xml FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1476 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=207214 http://pulseaudio.org/changeset/2100 BID 27449

Return to the previous page.