Vulnerability Details CVE-2008-0008
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.6%
CVSS Severity
CVSS v2 Score 7.2
References
- http://bugs.gentoo.org/show_bug.cgi?id=207214
- http://pulseaudio.org/changeset/2100
- http://secunia.com/advisories/28608
- http://secunia.com/advisories/28623
- http://secunia.com/advisories/28738
- http://secunia.com/advisories/28952
- http://security.gentoo.org/glsa/glsa-200802-07.xml
- http://www.debian.org/security/2008/dsa-1476
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:027
- http://www.securityfocus.com/bid/27449
- http://www.ubuntu.com/usn/usn-573-1
- http://www.vupen.com/english/advisories/2008/0283
- https://bugzilla.novell.com/show_bug.cgi?id=347822
- https://bugzilla.redhat.com/show_bug.cgi?id=425481
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39992
- https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html
- http://bugs.gentoo.org/show_bug.cgi?id=207214
- http://pulseaudio.org/changeset/2100
- http://secunia.com/advisories/28608
- http://secunia.com/advisories/28623
- http://secunia.com/advisories/28738
- http://secunia.com/advisories/28952
- http://security.gentoo.org/glsa/glsa-200802-07.xml
- http://www.debian.org/security/2008/dsa-1476
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:027
- http://www.securityfocus.com/bid/27449
- http://www.ubuntu.com/usn/usn-573-1
- http://www.vupen.com/english/advisories/2008/0283
- https://bugzilla.novell.com/show_bug.cgi?id=347822
- https://bugzilla.redhat.com/show_bug.cgi?id=425481
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39992
- https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html
Products affected by CVE-2008-0008
-
cpe:2.3:a:pulseaudio:pulseaudio:0.9.6
-
cpe:2.3:a:pulseaudio:pulseaudio:0.9.8
-
cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1
-
cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0
-
cpe:2.3:o:redhat:fedora:7
-
cpe:2.3:o:redhat:fedora:8