7.2

CVE-2009-1894

Exploit
Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PulseaudioPulseaudio Version0.9.9
PulseaudioPulseaudio Version0.9.10
PulseaudioPulseaudio Version0.9.14
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.74% 0.496
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://taviso.decsystem.org/research.html
http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html
http://secunia.com/advisories/35868
http://secunia.com/advisories/35886
http://secunia.com/advisories/35896
http://security.gentoo.org/glsa/glsa-200907-13.xml
http://www.akitasecurity.nl/advisory.php?id=AK20090602
http://www.debian.org/security/2009/dsa-1838
http://www.mandriva.com/security/advisories?name=MDVSA-2009:152
http://www.mandriva.com/security/advisories?name=MDVSA-2009:171
http://www.securityfocus.com/archive/1/505052/100/0/threaded
http://www.securityfocus.com/bid/35721
Patch
Exploit
http://www.ubuntu.com/usn/usn-804-1
https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2
https://bugzilla.redhat.com/show_bug.cgi?id=510071
Patch
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/51804