7.2

CVE-2008-0008

Exploit
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PulseaudioPulseaudio Version0.9.6
   MandrakesoftMandrake Linux Version2007.1
   MandrakesoftMandrake Linux Version2007.1 Editionx86_64
   MandrakesoftMandrake Linux Version2008.0
   MandrakesoftMandrake Linux Version2008.0 Editionx86_64
   RedhatFedora Version7
   RedhatFedora Version8
PulseaudioPulseaudio Version0.9.8
   MandrakesoftMandrake Linux Version2007.1
   MandrakesoftMandrake Linux Version2007.1 Editionx86_64
   MandrakesoftMandrake Linux Version2008.0
   MandrakesoftMandrake Linux Version2008.0 Editionx86_64
   RedhatFedora Version7
   RedhatFedora Version8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.56% 0.419
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://bugs.gentoo.org/show_bug.cgi?id=207214
Third Party Advisory
http://pulseaudio.org/changeset/2100
Exploit
http://secunia.com/advisories/28608
Vendor Advisory
http://secunia.com/advisories/28623
Vendor Advisory
http://secunia.com/advisories/28738
Vendor Advisory
http://secunia.com/advisories/28952
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200802-07.xml
Third Party Advisory
http://www.debian.org/security/2008/dsa-1476
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:027
Third Party Advisory
http://www.securityfocus.com/bid/27449
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-573-1
Third Party Advisory
http://www.vupen.com/english/advisories/2008/0283
Vendor Advisory
https://bugzilla.novell.com/show_bug.cgi?id=347822
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=425481
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/39992
VDB Entry
https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html
Third Party Advisory