CVE-2007-1804

PulseAudio 0.9.5 - Denial of Service via Malformed Packets on TCP/UDP Ports

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1804. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The provided text describes a remote denial-of-service vulnerability in PulseAudio 0.9.5, where attackers can exhaust system resources, rendering the software unresponsive. No actual exploit code is included, only a reference to a binary exploit.

Description

PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textdoslinux

https://www.exploit-db.com/exploits/29809

View Code ZIP pw:eip

The provided text describes a remote denial-of-service vulnerability in PulseAudio 0.9.5, where attackers can exhaust system resources, rendering the software unresponsive. No actual exploit code is included, only a reference to a binary exploit.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Theoretical

Target: PulseAudio 0.9.5

No auth needed

Prerequisites: Network access to the vulnerable PulseAudio instance

MITRE ATT&CK