Vulnerabilities related to pulseaudio - pulseaudio
CVE-2009-1299 (GCVE-0-2009-1299)
Vulnerability from cvelistv5
Published
2010-03-18 17:12
Modified
2024-08-07 05:04
CWE
- n/a
Summary
The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:04:49.479Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.0pointer.de/?p=pulseaudio.git%3Ba=patch%3Bh=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee" }, { "name": "MDVSA-2010:124", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:124" }, { "name": "ADV-2010-1570", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1570" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615" }, { "name": "DSA-2017", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2017" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-06-30T09:00:00", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.0pointer.de/?p=pulseaudio.git%3Ba=patch%3Bh=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee" }, { "name": "MDVSA-2010:124", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:124" }, { "name": "ADV-2010-1570", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1570" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615" }, { "name": "DSA-2017", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2017" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "ID": "CVE-2009-1299", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008", "refsource": "CONFIRM", "url": "https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008" }, { "name": "http://git.0pointer.de/?p=pulseaudio.git;a=patch;h=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee", "refsource": "CONFIRM", "url": "http://git.0pointer.de/?p=pulseaudio.git;a=patch;h=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee" }, { "name": "MDVSA-2010:124", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:124" }, { "name": "ADV-2010-1570", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1570" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615" }, { "name": "DSA-2017", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2017" } ] } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2009-1299", "datePublished": "2010-03-18T17:12:00", "dateReserved": "2009-04-15T00:00:00", "dateUpdated": "2024-08-07T05:04:49.479Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1804 (GCVE-0-2007-1804)
Vulnerability from cvelistv5
Published
2007-04-02 23:00
Modified
2024-08-07 13:06
CWE
- n/a
Summary
PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:06:26.441Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25431", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25431" }, { "name": "MDVSA-2008:065", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:065" }, { "name": "ADV-2007-1214", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1214" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://aluigi.altervista.org/adv/pulsex-adv.txt" }, { "name": "pulseaudio-assert-dos(33315)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33315" }, { "name": "SUSE-SR:2007:013", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html" }, { "name": "23240", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23240" }, { "name": "USN-465-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-465-1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://aluigi.org/poc/pulsex.zip" }, { "name": "25787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25787" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-29T00:00:00", "descriptions": [ { "lang": "en", "value": "PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 
FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p-\u003eexport assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "25431", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25431" }, { "name": "MDVSA-2008:065", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:065" }, { "name": "ADV-2007-1214", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1214" }, { "tags": [ "x_refsource_MISC" ], "url": "http://aluigi.altervista.org/adv/pulsex-adv.txt" }, { "name": "pulseaudio-assert-dos(33315)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33315" }, { "name": "SUSE-SR:2007:013", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html" }, { "name": "23240", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23240" }, { "name": "USN-465-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-465-1" }, { "tags": [ "x_refsource_MISC" ], "url": 
"http://aluigi.org/poc/pulsex.zip" }, { "name": "25787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25787" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1804", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p-\u003eexport assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "25431", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25431" }, { "name": "MDVSA-2008:065", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:065" }, { "name": "ADV-2007-1214", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1214" }, { "name": "http://aluigi.altervista.org/adv/pulsex-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/pulsex-adv.txt" }, { "name": "pulseaudio-assert-dos(33315)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33315" }, { "name": "SUSE-SR:2007:013", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html" }, { "name": "23240", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23240" }, { "name": "USN-465-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-465-1" }, { "name": "http://aluigi.org/poc/pulsex.zip", "refsource": "MISC", "url": "http://aluigi.org/poc/pulsex.zip" }, { "name": "25787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25787" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1804", "datePublished": "2007-04-02T23:00:00", "dateReserved": "2007-04-02T00:00:00", "dateUpdated": "2024-08-07T13:06:26.441Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0008 (GCVE-0-2008-0008)
Vulnerability from cvelistv5
Published
2008-01-28 23:00
Modified
2024-08-07 07:32
CWE
- n/a
Summary
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:32:23.571Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2008:027", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:027" }, { "name": "27449", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27449" }, { "name": "28623", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28623" }, { "name": "[pulseaudio-discuss] 20080124 [ANNOUNCE] PulseAudio 0.9.9", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://pulseaudio.org/changeset/2100" }, { "name": "ADV-2008-0283", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0283" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=207214" }, { "name": "DSA-1476", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1476" }, { "name": "FEDORA-2008-0963", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=425481" }, { "name": "GLSA-200802-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200802-07.xml" }, { "name": "FEDORA-2008-0994", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": 
"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html" }, { "name": "28738", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28738" }, { "name": "pulseaudio-padroproot-privilege-escalation(39992)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39992" }, { "name": "USN-573-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-573-1" }, { "name": "28952", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28952" }, { "name": "28608", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28608" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=347822" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-12-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "MDVSA-2008:027", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:027" }, { "name": "27449", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27449" }, { "name": "28623", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28623" }, { "name": "[pulseaudio-discuss] 20080124 [ANNOUNCE] PulseAudio 0.9.9", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://pulseaudio.org/changeset/2100" }, { "name": "ADV-2008-0283", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0283" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=207214" }, { "name": "DSA-1476", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1476" }, { "name": "FEDORA-2008-0963", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=425481" }, { "name": "GLSA-200802-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200802-07.xml" }, { "name": "FEDORA-2008-0994", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html" }, { "name": "28738", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/28738" }, { "name": "pulseaudio-padroproot-privilege-escalation(39992)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39992" }, { "name": "USN-573-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-573-1" }, { "name": "28952", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28952" }, { "name": "28608", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28608" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=347822" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-0008", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDVSA-2008:027", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:027" }, { "name": "27449", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27449" }, { "name": "28623", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28623" }, { "name": "[pulseaudio-discuss] 20080124 [ANNOUNCE] PulseAudio 0.9.9", "refsource": "MLIST", "url": "https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html" }, { "name": "http://pulseaudio.org/changeset/2100", "refsource": "CONFIRM", "url": "http://pulseaudio.org/changeset/2100" }, { "name": "ADV-2008-0283", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0283" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=207214", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=207214" }, { "name": "DSA-1476", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1476" }, { "name": "FEDORA-2008-0963", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=425481", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=425481" }, { "name": "GLSA-200802-07", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200802-07.xml" }, { "name": "FEDORA-2008-0994", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html" }, { "name": "28738", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28738" }, { "name": "pulseaudio-padroproot-privilege-escalation(39992)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39992" }, { "name": "USN-573-1", "refsource": "UBUNTU", "url": 
"http://www.ubuntu.com/usn/usn-573-1" }, { "name": "28952", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28952" }, { "name": "28608", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28608" }, { "name": "https://bugzilla.novell.com/show_bug.cgi?id=347822", "refsource": "CONFIRM", "url": "https://bugzilla.novell.com/show_bug.cgi?id=347822" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-0008", "datePublished": "2008-01-28T23:00:00", "dateReserved": "2007-12-03T00:00:00", "dateUpdated": "2024-08-07T07:32:23.571Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-1894 (GCVE-0-2009-1894)
Vulnerability from cvelistv5
Published
2009-07-17 16:00
Modified
2024-08-07 05:27
CWE
- n/a
Summary
Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.737Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "35868", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35868" }, { "name": "MDVSA-2009:171", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:171" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html" }, { "name": "pulseaudio-suid-privilege-escalation(51804)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51804" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.akitasecurity.nl/advisory.php?id=AK20090602" }, { "name": "MDVSA-2009:152", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:152" }, { "name": "35886", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35886" }, { "name": "35721", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35721" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510071" }, { "name": "20090717 PulseAudio local race condition privilege escalation vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/505052/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2" }, { "name": "DSA-1838", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": 
"http://www.debian.org/security/2009/dsa-1838" }, { "name": "35896", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35896" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://taviso.decsystem.org/research.html" }, { "name": "GLSA-200907-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200907-13.xml" }, { "name": "USN-804-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-804-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-07-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "35868", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35868" }, { "name": "MDVSA-2009:171", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:171" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html" }, { "name": "pulseaudio-suid-privilege-escalation(51804)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51804" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.akitasecurity.nl/advisory.php?id=AK20090602" }, { "name": "MDVSA-2009:152", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:152" }, { "name": "35886", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35886" }, { "name": "35721", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35721" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510071" }, { "name": "20090717 PulseAudio local race condition privilege escalation vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/505052/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2" }, { "name": "DSA-1838", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1838" }, { "name": "35896", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/35896" }, { "tags": [ "x_refsource_MISC" ], "url": "http://taviso.decsystem.org/research.html" }, { "name": "GLSA-200907-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200907-13.xml" }, { "name": "USN-804-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-804-1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-1894", "datePublished": "2009-07-17T16:00:00", "dateReserved": "2009-06-02T00:00:00", "dateUpdated": "2024-08-07T05:27:54.737Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-11931 (GCVE-0-2020-11931)
Vulnerability from cvelistv5
Published
2020-05-15 03:25
Modified
2024-09-17 00:41
CWE
- CWE-284 - Improper Access Control
Summary
An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2;
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Canonical | pulseaudio |
Version: 1:8.0 < 1:8.0-0ubuntu3.12 Version: 1:11.1 < 1:11.1-1ubuntu7.7 Version: 1:13.0 < 1:13.0-1ubuntu1.2 Version: 1:13.99.1 < 1:13.99.1-1ubuntu3.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:42:00.531Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3" }, { "name": "USN-4355-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4355-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "pulseaudio", "vendor": "Canonical", "versions": [ { "lessThan": "1:8.0-0ubuntu3.12", "status": "affected", "version": "1:8.0", "versionType": "custom" }, { "lessThan": "1:11.1-1ubuntu7.7", "status": "affected", "version": "1:11.1", "versionType": "custom" }, { "lessThan": "1:13.0-1ubuntu1.2", "status": "affected", "version": "1:13.0", "versionType": "custom" }, { "lessThan": "1:13.99.1-1ubuntu3.2", "status": "affected", "version": "1:13.99.1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "James Henstridge" } ], "datePublic": "2020-04-16T00:00:00", "descriptions": [ { "lang": "en", "value": "An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. 
This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2;" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-18T18:06:14", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3" }, { "name": "USN-4355-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4355-1/" } ], "source": { "advisory": "https://usn.ubuntu.com/usn/usn-4355-1", "defect": [ "https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1877102" ], "discovery": "INTERNAL" }, "title": "Ubuntu modifications to pulseaudio to provide snap security enforcement could be unloaded", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2020-04-16T00:00:00.000Z", "ID": "CVE-2020-11931", "STATE": "PUBLIC", "TITLE": "Ubuntu modifications to pulseaudio to provide snap security enforcement could be unloaded" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "pulseaudio", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "1:8.0", "version_value": "1:8.0-0ubuntu3.12" }, { 
"version_affected": "\u003c", "version_name": "1:11.1", "version_value": "1:11.1-1ubuntu7.7" }, { "version_affected": "\u003c", "version_name": "1:13.0", "version_value": "1:13.0-1ubuntu1.2" }, { "version_affected": "\u003c", "version_name": "1:13.99.1", "version_value": "1:13.99.1-1ubuntu3.2" } ] } } ] }, "vendor_name": "Canonical" } ] } }, "credit": [ { "lang": "eng", "value": "James Henstridge" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2;" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-284 Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3", "refsource": "MISC", "url": "https://forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3" }, { "name": "USN-4355-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4355-1/" } ] }, "source": { "advisory": 
"https://usn.ubuntu.com/usn/usn-4355-1", "defect": [ "https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1877102" ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2020-11931", "datePublished": "2020-05-15T03:25:11.587553Z", "dateReserved": "2020-04-20T00:00:00", "dateUpdated": "2024-09-17T00:41:25.129Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3970 (GCVE-0-2014-3970)
Vulnerability from cvelistv5
Published
2014-06-11 14:00
Modified
2024-08-06 10:57
CWE
- n/a
Summary
The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:57:18.048Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "67814", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/67814" }, { "name": "MDVSA-2015:134", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:134" }, { "name": "[oss-security] 20140604 CVE request: PulseAudio crash due to empty UDP packet", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q2/429" }, { "name": "[pulseaudio-discuss] 20140531 Remotely triggerable crash in module-rtp-recv", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0440.html" }, { "name": "60624", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60624" }, { "name": "[oss-security] 20140604 Re: CVE request: PulseAudio crash due to empty UDP packet", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q2/437" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-31T00:00:00", "descriptions": [ { "lang": "en", "value": "The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-04T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "67814", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/67814" }, { "name": "MDVSA-2015:134", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:134" }, { "name": "[oss-security] 20140604 CVE request: PulseAudio crash due to empty UDP packet", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q2/429" }, { "name": "[pulseaudio-discuss] 20140531 Remotely triggerable crash in module-rtp-recv", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0440.html" }, { "name": "60624", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60624" }, { "name": "[oss-security] 20140604 Re: CVE request: PulseAudio crash due to empty UDP packet", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q2/437" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3970", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and 
abort) via an empty UDP packet." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "67814", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67814" }, { "name": "MDVSA-2015:134", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:134" }, { "name": "[oss-security] 20140604 CVE request: PulseAudio crash due to empty UDP packet", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q2/429" }, { "name": "[pulseaudio-discuss] 20140531 Remotely triggerable crash in module-rtp-recv", "refsource": "MLIST", "url": "http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html" }, { "name": "http://advisories.mageia.org/MGASA-2014-0440.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0440.html" }, { "name": "60624", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60624" }, { "name": "[oss-security] 20140604 Re: CVE request: PulseAudio crash due to empty UDP packet", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q2/437" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3970", "datePublished": "2014-06-11T14:00:00", "dateReserved": "2014-06-04T00:00:00", "dateUpdated": "2024-08-06T10:57:18.048Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd (CVE-2014-3970)
Published
2014-06-11 14:55
Modified
2025-04-12 10:46
Severity: 2.9 (LOW), CVSS v2.0 AV:A/AC:M/Au:N/C:N/I:N/A:P
Summary
The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://advisories.mageia.org/MGASA-2014-0440.html | ||
cve@mitre.org | http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html | Exploit | |
cve@mitre.org | http://seclists.org/oss-sec/2014/q2/429 | ||
cve@mitre.org | http://seclists.org/oss-sec/2014/q2/437 | ||
cve@mitre.org | http://secunia.com/advisories/60624 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2015:134 | ||
cve@mitre.org | http://www.securityfocus.com/bid/67814 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2014-0440.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2014/q2/429 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2014/q2/437 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/60624 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2015:134 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/67814 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pulseaudio | pulseaudio | 1.0 | |
pulseaudio | pulseaudio | 1.1 | |
pulseaudio | pulseaudio | 1.99.1 | |
pulseaudio | pulseaudio | 1.99.2 | |
pulseaudio | pulseaudio | 2.0 | |
pulseaudio | pulseaudio | 2.1 | |
pulseaudio | pulseaudio | 3.0 | |
pulseaudio | pulseaudio | 4.0 | |
pulseaudio | pulseaudio | 5.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pulseaudio:pulseaudio:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BFDEE3D-44CD-43E8-92C8-953EFDB22761", "vulnerable": true }, { "criteria": "cpe:2.3:a:pulseaudio:pulseaudio:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F596B154-DABA-481F-9CB2-799D3AB142B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pulseaudio:pulseaudio:1.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "733CA32D-2662-4158-8458-B0D6C9DC14BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:pulseaudio:pulseaudio:1.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "EB11D799-A9C3-4F27-A58C-818A130D1DAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:pulseaudio:pulseaudio:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA2B12D8-F21A-41F3-91E2-9AE271D2C692", "vulnerable": true }, { "criteria": "cpe:2.3:a:pulseaudio:pulseaudio:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "836FD10A-2A09-458A-B904-DAB5D5D78D52", "vulnerable": true }, { "criteria": "cpe:2.3:a:pulseaudio:pulseaudio:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D664D404-5476-46E7-8EC9-9F4BAD4AB38D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pulseaudio:pulseaudio:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7C45B6F5-CBFB-417C-8ADE-F9DA5D7F535E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pulseaudio:pulseaudio:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB2BA4B8-5EF9-4DDB-B68F-A7941D001E13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet." }, { "lang": "es", "value": "La funci\u00f3n pa_rtp_recv en modules/rtp/rtp.c en el m\u00f3dulo module-rtp-recv en PulseAudio 5.0 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y abortar) a trav\u00e9s de un paquete UDP vac\u00edo." 
} ], "id": "CVE-2014-3970", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 5.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-06-11T14:55:09.423", "references": [ { "source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0440.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html" }, { "source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2014/q2/429" }, { "source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2014/q2/437" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/60624" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:134" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0440.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2014/q2/429" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2014/q2/437" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60624" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:134" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67814" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2009-1894)
Published
2009-07-17 16:30
Modified
2025-04-09 00:30
Severity: 7.2 (HIGH), CVSS v2.0 AV:L/AC:L/Au:N/C:C/I:C/A:C
Summary
Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html | ||
secalert@redhat.com | http://secunia.com/advisories/35868 | ||
secalert@redhat.com | http://secunia.com/advisories/35886 | ||
secalert@redhat.com | http://secunia.com/advisories/35896 | ||
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200907-13.xml | ||
secalert@redhat.com | http://taviso.decsystem.org/research.html | ||
secalert@redhat.com | http://www.akitasecurity.nl/advisory.php?id=AK20090602 | ||
secalert@redhat.com | http://www.debian.org/security/2009/dsa-1838 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:152 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:171 | ||
secalert@redhat.com | http://www.securityfocus.com/archive/1/505052/100/0/threaded | ||
secalert@redhat.com | http://www.securityfocus.com/bid/35721 | Exploit, Patch | |
secalert@redhat.com | http://www.ubuntu.com/usn/usn-804-1 | ||
secalert@redhat.com | https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=510071 | Exploit, Patch | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/51804 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35868 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35886 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35896 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200907-13.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://taviso.decsystem.org/research.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.akitasecurity.nl/advisory.php?id=AK20090602 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1838 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:152 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:171 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/505052/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35721 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-804-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=510071 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/51804 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pulseaudio | pulseaudio | 0.9.9 | |
pulseaudio | pulseaudio | 0.9.10 | |
pulseaudio | pulseaudio | 0.9.14 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pulseaudio:pulseaudio:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3B3F828E-51A2-4B02-8E74-449AAF5D1534", "vulnerable": true }, { "criteria": "cpe:2.3:a:pulseaudio:pulseaudio:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8C7A5FDE-F1D3-4872-8FEA-422187E170F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:pulseaudio:pulseaudio:0.9.14:*:*:*:*:*:*:*", "matchCriteriaId": "EFD34EC3-9E40-411C-9BF7-279B93EAE73D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink." }, { "lang": "es", "value": "Condici\u00f3n de carrera en PulseAudio v0.9.9, v0.9.10, y v0.9.14 permite a usuarios locales conseguir privilegios a trav\u00e9s de vectores que implican la creaci\u00f3n de \"hard links\", relativo a fijar la configuraci\u00f3n de LD_BIND_NOW a 1, y entonces, llamar a execv con el objetivo /proc/self/exe symlink." 
} ], "id": "CVE-2009-1894", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-07-17T16:30:00.920", "references": [ { "source": "secalert@redhat.com", "url": "http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35868" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35886" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35896" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200907-13.xml" }, { "source": "secalert@redhat.com", "url": "http://taviso.decsystem.org/research.html" }, { "source": "secalert@redhat.com", "url": "http://www.akitasecurity.nl/advisory.php?id=AK20090602" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2009/dsa-1838" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:152" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:171" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/505052/100/0/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/35721" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-804-1" }, { "source": 
"secalert@redhat.com", "url": "https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510071" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51804" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35868" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35886" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35896" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200907-13.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://taviso.decsystem.org/research.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.akitasecurity.nl/advisory.php?id=AK20090602" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1838" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:152" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:171" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/505052/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/35721" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-804-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51804" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2008-0008)
Published
2008-01-29 00:00
Modified
2025-04-09 00:30
Severity: 7.2 (HIGH), CVSS v2.0 AV:L/AC:L/Au:N/C:C/I:C/A:C
Summary
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://bugs.gentoo.org/show_bug.cgi?id=207214 | Third Party Advisory | |
secalert@redhat.com | http://pulseaudio.org/changeset/2100 | Exploit | |
secalert@redhat.com | http://secunia.com/advisories/28608 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/28623 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/28738 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/28952 | Vendor Advisory | |
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200802-07.xml | Third Party Advisory | |
secalert@redhat.com | http://www.debian.org/security/2008/dsa-1476 | Third Party Advisory | |
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2008:027 | Third Party Advisory | |
secalert@redhat.com | http://www.securityfocus.com/bid/27449 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | http://www.ubuntu.com/usn/usn-573-1 | Third Party Advisory | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2008/0283 | Vendor Advisory | |
secalert@redhat.com | https://bugzilla.novell.com/show_bug.cgi?id=347822 | Issue Tracking | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=425481 | Issue Tracking | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/39992 | VDB Entry | |
secalert@redhat.com | https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html | Broken Link | |
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html | Third Party Advisory | |
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=207214 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://pulseaudio.org/changeset/2100 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28608 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28623 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28738 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28952 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200802-07.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1476 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:027 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/27449 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-573-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0283 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.novell.com/show_bug.cgi?id=347822 | Issue Tracking | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=425481 | Issue Tracking | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/39992 | VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html | Third Party Advisory |
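Impacted products
Note: in the CPE configuration of this record, the mandrakesoft and redhat rows are platform entries marked "vulnerable": false and combined with the pulseaudio entries by an AND operator; only the pulseaudio rows (0.9.6 and 0.9.8) are marked vulnerable. The summary names 0.9.8 and a certain 0.9.9 build, so the CPE list and the summary do not match exactly.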
Vendor | Product | Version | |
---|---|---|---|
mandrakesoft | mandrake_linux | 2007.1 | |
mandrakesoft | mandrake_linux | 2007.1 | |
mandrakesoft | mandrake_linux | 2008.0 | |
mandrakesoft | mandrake_linux | 2008.0 | |
redhat | fedora | 7 | |
redhat | fedora | 8 | |
pulseaudio | pulseaudio | 0.9.6 | |
pulseaudio | pulseaudio | 0.9.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*", "matchCriteriaId": "19D64247-F0A0-4984-84EA-B63FC901F002", "vulnerable": false }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*", "matchCriteriaId": "316AA6EB-7191-479E-99D5-40DA79E340E7", "vulnerable": false }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB7AD2F3-451D-4F37-A6F3-DE676804BBA3", "vulnerable": false }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "5FE8C9E7-15C3-4F89-8E54-C9691FAD4E4C", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*", "matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:pulseaudio:pulseaudio:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "F7E8B62F-B9DE-4209-9531-8FA6C4869295", "vulnerable": true }, { "criteria": "cpe:2.3:a:pulseaudio:pulseaudio:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "21A099DF-9D09-4698-96FC-00D188FD9E36", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion." 
}, { "lang": "es", "value": "La funci\u00f3n pa_drop_root en PulseAudio versi\u00f3n 0.9.8, y una cierta build 0.9.9, no comprueba los valores de retorno de llamadas (1) setresuid, (2) setreuid, (3) setuid y (4) seteuid, cuando intenta perder privilegios, lo que podr\u00eda permitir a usuarios locales alcanzar privilegios causando que esas llamadas fallen por ataques tales como el agotamiento de recursos." } ], "id": "CVE-2008-0008", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-01-29T00:00:00.000", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=207214" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://pulseaudio.org/changeset/2100" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28608" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28623" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28738" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28952" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200802-07.xml" }, { "source": "secalert@redhat.com", "tags": [ "Third 
Party Advisory" ], "url": "http://www.debian.org/security/2008/dsa-1476" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:027" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/27449" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-573-1" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0283" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=347822" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=425481" }, { "source": "secalert@redhat.com", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39992" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=207214" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://pulseaudio.org/changeset/2100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/28623" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28738" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28952" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200802-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2008/dsa-1476" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:027" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/27449" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-573-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0283" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=347822" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=425481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39992" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd: CVE-2020-11931
Published
2020-05-15 04:15
Modified
2024-11-21 04:58
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plug any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2.
References
Source | URL | Tags | |
---|---|---|---|
security@ubuntu.com | https://forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3 | Third Party Advisory | |
security@ubuntu.com | https://usn.ubuntu.com/4355-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4355-1/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
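pulseaudio | pulseaudio | * (CPE range ends at 1.8.0 inclusive; the summary lists Ubuntu package versions carrying a 1: epoch, 1:8.0 through 1:13.99.1, so compare the installed package version with the summary rather than with this range) | |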
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 | |
canonical | ubuntu_linux | 20.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pulseaudio:pulseaudio:*:*:*:*:*:*:*:*", "matchCriteriaId": "8509648D-0B4F-4ACB-819F-9DF2166BD9E6", "versionEndIncluding": "1.8.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2;" }, { "lang": "es", "value": "Una modificaci\u00f3n espec\u00edfica de Ubuntu para Pulseaudio para proporcionar mediaci\u00f3n de seguridad para aplicaciones empaquetadas de Snap se encontr\u00f3 que presenta una omisi\u00f3n de la restricci\u00f3n de acceso prevista para los snaps que conecta cualquiera pulseaudio, audio-playback o audio-record mediante la descarga del m\u00f3dulo de la pol\u00edtica de snap de pulseaudio. 
Este problema afecta a: pulseaudio versiones 1:8.0 anteriores a 1:8.0-0ubuntu3.12; versiones 1:11.1 anteriores a 1:11.1-1ubuntu7.7; versiones 1:13.0 anteriores a 1:13.0-1ubuntu1.2; versiones 1:13.99.1 anteriores a 1:13.99.1-1ubuntu3.2;" } ], "id": "CVE-2020-11931", "lastModified": "2024-11-21T04:58:55.767", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "security@ubuntu.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-15T04:15:10.737", "references": [ { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": 
"https://forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4355-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4355-1/" } ], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "security@ubuntu.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-668" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd: CVE-2007-1804
Published
2007-04-02 23:19
Modified
2025-04-09 00:30
Severity ?
Summary
PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://aluigi.altervista.org/adv/pulsex-adv.txt | Patch | |
cve@mitre.org | http://aluigi.org/poc/pulsex.zip | ||
cve@mitre.org | http://secunia.com/advisories/25431 | ||
cve@mitre.org | http://secunia.com/advisories/25787 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2008:065 | ||
cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_13_sr.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/23240 | ||
cve@mitre.org | http://www.ubuntu.com/usn/usn-465-1 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/1214 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/33315 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://aluigi.altervista.org/adv/pulsex-adv.txt | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://aluigi.org/poc/pulsex.zip | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25431 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25787 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:065 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_13_sr.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/23240 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-465-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1214 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/33315 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pulseaudio | pulseaudio | 0.9.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pulseaudio:pulseaudio:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "C541CE27-6036-429D-8FCE-6BC7562A925B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p-\u003eexport assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file." }, { "lang": "es", "value": "PulseAudio 0.9.5 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) mediante (1) un valor PA_PSTREAM_DESCRIPTOR_LENGTH de FRAME_SIZE_MAX_ALLOW enviado al puerto TCP 9875, que dispara un fallo de aserci\u00f3n p-\u003eexportar en do_read; (2) un valor PA_PSTREAM_DESCRIPTOR_LENGTH de 0 enviado al puerto TCP 9875, lo cual dispara un fallo de aserci\u00f3n de longitud en pa_memblock_new; o (3) un paquete UDP vac\u00edo al puerto 9875, lo cual dispara un fallo de aserci\u00f3n t en pa_sdp_parse; y permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) mediante un paquete manipulado al puerto TCP 9875 que dispara un fallo de aserci\u00f3n de longitud m\u00e1xima (maxlength) en pa_memblockq_new, (5) dispara un fallo de aserci\u00f3n de tama\u00f1o en pa_xmalloc, o (6) reproduce un determinado archivo de sonido." 
} ], "id": "CVE-2007-1804", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-04-02T23:19:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://aluigi.altervista.org/adv/pulsex-adv.txt" }, { "source": "cve@mitre.org", "url": "http://aluigi.org/poc/pulsex.zip" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25431" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25787" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:065" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23240" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-465-1" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1214" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33315" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://aluigi.altervista.org/adv/pulsex-adv.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aluigi.org/poc/pulsex.zip" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25431" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/25787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:065" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23240" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-465-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1214" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33315" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd: CVE-2009-1299
Published
2010-03-18 17:30
Modified
2025-04-11 00:51
Severity ?
Summary
The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.
References
Source | URL | Tags | |
---|---|---|---|
security@ubuntu.com | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615 | ||
security@ubuntu.com | http://git.0pointer.de/?p=pulseaudio.git%3Ba=patch%3Bh=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee | ||
security@ubuntu.com | http://www.debian.org/security/2010/dsa-2017 | ||
security@ubuntu.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:124 | ||
security@ubuntu.com | http://www.vupen.com/english/advisories/2010/1570 | ||
security@ubuntu.com | https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://git.0pointer.de/?p=pulseaudio.git%3Ba=patch%3Bh=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2017 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:124 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1570 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
pulseaudio | pulseaudio | 0.9.10 | |
pulseaudio | pulseaudio | 0.9.19 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pulseaudio:pulseaudio:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8C7A5FDE-F1D3-4872-8FEA-422187E170F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:pulseaudio:pulseaudio:0.9.19:*:*:*:*:*:*:*", "matchCriteriaId": "0C2EB932-2065-41F9-B69E-0083A140A5A1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file." }, { "lang": "es", "value": "La v0.9.10 y v0.9.19 permite a usuarios locales modificar el propietario y permisos de ficheros de su elecci\u00f3n a trav\u00e9s de ataque de enlaces simb\u00f3licos sobre un fichero temporal /tmp/.esd-#####." } ], "id": "CVE-2009-1299", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-03-18T17:30:00.337", "references": [ { "source": "security@ubuntu.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615" }, { "source": "security@ubuntu.com", "url": "http://git.0pointer.de/?p=pulseaudio.git%3Ba=patch%3Bh=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee" }, { "source": "security@ubuntu.com", "url": "http://www.debian.org/security/2010/dsa-2017" }, { "source": "security@ubuntu.com", 
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:124" }, { "source": "security@ubuntu.com", "url": "http://www.vupen.com/english/advisories/2010/1570" }, { "source": "security@ubuntu.com", "url": "https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.0pointer.de/?p=pulseaudio.git%3Ba=patch%3Bh=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2017" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:124" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1570" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008" } ], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }