CVE-2008-0008

Vulnerability Description

The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://bugs.gentoo.org/show_bug.cgi?id=207214Third Party Advisory
• http://pulseaudio.org/changeset/2100Exploit
• http://secunia.com/advisories/28608Vendor Advisory
• http://secunia.com/advisories/28623Vendor Advisory
• http://secunia.com/advisories/28738Vendor Advisory
• http://secunia.com/advisories/28952Vendor Advisory
• http://security.gentoo.org/glsa/glsa-200802-07.xmlThird Party Advisory
• http://www.debian.org/security/2008/dsa-1476Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:027Third Party Advisory
• http://www.securityfocus.com/bid/27449Third Party AdvisoryVDB Entry
• http://www.ubuntu.com/usn/usn-573-1Third Party Advisory
• http://www.vupen.com/english/advisories/2008/0283Vendor Advisory
• https://bugzilla.novell.com/show_bug.cgi?id=347822Issue Tracking
• https://bugzilla.redhat.com/show_bug.cgi?id=425481Issue Tracking
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39992VDB Entry