CVE-2008-0008

PulseAudio 0.9.8-0.9.9 - Privilege Escalation

Title source: llm
STIX 2.1

Description

The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.

References (18)

Core 18
Core References
Third Party Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=425481
Third Party Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:027
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27449
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28623
Exploit x_refsource_confirm
http://pulseaudio.org/changeset/2100
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0283
Third Party Advisory x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=207214
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1476
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200802-07.xml
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28738
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-573-1
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28952
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28608
Issue Tracking x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=347822

Scores

EPSS 0.0056
EPSS Percentile 42.5%

Details

CWE
CWE-20
Status published
Products (2)
pulseaudio/pulseaudio 0.9.6
pulseaudio/pulseaudio 0.9.8
Published Jan 29, 2008
Tracked Since Feb 18, 2026