Description
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.
References (18)
Core 18
Core References
Broken Link mailing-list
x_refsource_mlist
https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html
Third Party Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=425481
Third Party Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html
VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39992
Third Party Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:027
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27449
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28623
Exploit x_refsource_confirm
http://pulseaudio.org/changeset/2100
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0283
Third Party Advisory x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=207214
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2008/dsa-1476
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200802-07.xml
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28738
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-573-1
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28952
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28608
Issue Tracking x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=347822
Scores
EPSS
0.0056
EPSS Percentile
42.5%
Details
CWE
CWE-20
Status
published
Products (2)
pulseaudio/pulseaudio
0.9.6
pulseaudio/pulseaudio
0.9.8
Published
Jan 29, 2008
Tracked Since
Feb 18, 2026