Lucene search
UbuntuUSN-804-1HistoryJul 16, 2009 - 12:00 a.m.
PulseAudio vulnerability
2009-07-1600:00:00
ubuntu.com
73
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.2 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
0.4%
Releases
- Ubuntu 9.04
- Ubuntu 8.10
- Ubuntu 8.04
Packages
- pulseaudio -
Details
Tavis Ormandy, Julien Tinnes, and Yorick Koster discovered that PulseAudio did not
safely re-execute itself. A local attacker could exploit this to gain
root privileges.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 9.04 | noarch | pulseaudio | <Β 1:0.9.14-0ubuntu20.2 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libpulse-browse0 | <Β 1:0.9.14-0ubuntu20.2 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libpulse-browse0-dbg | <Β 1:0.9.14-0ubuntu20.2 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libpulse-dev | <Β 1:0.9.14-0ubuntu20.2 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libpulse-mainloop-glib0 | <Β 1:0.9.14-0ubuntu20.2 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libpulse-mainloop-glib0-dbg | <Β 1:0.9.14-0ubuntu20.2 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libpulse0 | <Β 1:0.9.14-0ubuntu20.2 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libpulse0-dbg | <Β 1:0.9.14-0ubuntu20.2 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libpulsecore9 | <Β 1:0.9.14-0ubuntu20.2 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libpulsecore9-dbg | <Β 1:0.9.14-0ubuntu20.2 | UNKNOWN |
References
Related
openvas
openvas
Mandrake Security Advisory MDVSA-2009:152 (pulseaudio)
2009-07-29 00:00:00
Mandrake Security Advisory MDVSA-2009:152 (pulseaudio)
2009-07-29 00:00:00
Debian Security Advisory DSA 1838-1 (pulseaudio)
2009-07-29 00:00:00
nessus
nessus
Debian DSA-1838-1 : pulseaudio - privilege escalation
2010-02-24 00:00:00
Ubuntu 8.04 LTS / 8.10 / 9.04 : pulseaudio vulnerability (USN-804-1)
2009-07-17 00:00:00
Mandriva Linux Security Advisory : pulseaudio (MDVSA-2009:152)
2009-07-20 00:00:00
nvd
nvd
CVE-2009-1894
2009-07-17 16:30:00
CVE-2009-1897
2009-07-20 17:30:54
securityvulns
securityvulns
PulseAudio race conditions
2009-07-18 00:00:00
PulseAudio local race condition privilege escalation vulnerability
2009-07-18 00:00:00
prion
prion
Race condition
2009-07-17 16:30:00
Null pointer dereference
2009-07-20 17:30:00
cvelist
cvelist
CVE-2009-1894
2009-07-17 16:00:00
CVE-2009-1897
2009-07-20 17:00:00
cve
cve
CVE-2009-1894
2009-07-17 16:30:00
CVE-2009-1897
2009-07-20 17:30:54
debiancve
debiancve
CVE-2009-1894
2009-07-17 16:30:00
ubuntucve
ubuntucve
CVE-2009-1894
2009-07-17 00:00:00
CVE-2009-1897
2009-07-20 00:00:00
debian
debian
[SECURITY] [DSA 1838-1] New pulseaudio packages fix privilege escalation
2009-07-18 12:18:19
gentoo
gentoo
PulseAudio: Local privilege escalation
2009-07-16 00:00:00
osv
osv
pulseaudio - privilege escalation
2009-07-18 00:00:00
seebug
seebug
Linux Kernel tun_chr_pool()ε½ζ°η©ΊζιεΌη¨ζΌζ΄
2009-07-20 00:00:00
GNU C library dynamic linker $ORIGIN expansion Vulnerability
2014-07-01 00:00:00
exploitpack
exploitpack
GNU C library dynamic linker - $ORIGIN Expansion
2010-10-18 00:00:00
packetstorm
packetstorm
GNU C Library Dynamic Linker $ORIGIN Expansion Vulnerability
2010-10-19 00:00:00
exploitdb
exploitdb
GNU C library dynamic linker - '$ORIGIN' Expansion
2010-10-18 00:00:00
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.2 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
0.4%
Related for USN-804-1