7 vulnerabilities by pulseaudio
CVE-2024-11586 (GCVE-0-2024-11586)
Vulnerability from cvelistv5 – Published: 2024-11-23 02:05 – Updated: 2024-11-25 17:32
Summary
Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected.
Severity
4 (Medium)
CWE
- CWE-404 - Improper Resource Shutdown or Release
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Canonical Ltd. | Ubuntu's pulseaudio | Affected: 0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T17:32:19.469940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T17:32:23.158Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "pulseaudio",
"platforms": [
"Linux"
],
"product": "Ubuntu\u0027s pulseaudio",
"repo": "https://launchpad.net/ubuntu/+source/pulseaudio",
"vendor": "Canonical Ltd.",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ubuntu\u0027s implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T02:05:58.503Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/2078822"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11586"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-11586",
"datePublished": "2024-11-23T02:05:58.503Z",
"dateReserved": "2024-11-20T23:26:19.179Z",
"dateUpdated": "2024-11-25T17:32:23.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11931 (GCVE-0-2020-11931)
Vulnerability from cvelistv5 – Published: 2020-05-15 03:25 – Updated: 2024-09-17 00:41
Summary
An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2;
Severity
3.3 (Low)
CWE
- CWE-284 - Improper Access Control
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Canonical | pulseaudio | Affected: 1:8.0, < 1:8.0-0ubuntu3.12 (custom); Affected: 1:11.1, < 1:11.1-1ubuntu7.7 (custom); Affected: 1:13.0, < 1:13.0-1ubuntu1.2 (custom); Affected: 1:13.99.1, < 1:13.99.1-1ubuntu3.2 (custom) |
Credits
James Henstridge
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3"
},
{
"name": "USN-4355-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4355-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pulseaudio",
"vendor": "Canonical",
"versions": [
{
"lessThan": "1:8.0-0ubuntu3.12",
"status": "affected",
"version": "1:8.0",
"versionType": "custom"
},
{
"lessThan": "1:11.1-1ubuntu7.7",
"status": "affected",
"version": "1:11.1",
"versionType": "custom"
},
{
"lessThan": "1:13.0-1ubuntu1.2",
"status": "affected",
"version": "1:13.0",
"versionType": "custom"
},
{
"lessThan": "1:13.99.1-1ubuntu3.2",
"status": "affected",
"version": "1:13.99.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Henstridge"
}
],
"datePublic": "2020-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2;"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-18T18:06:14",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3"
},
{
"name": "USN-4355-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4355-1/"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4355-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1877102"
],
"discovery": "INTERNAL"
},
"title": "Ubuntu modifications to pulseaudio to provide snap security enforcement could be unloaded",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-04-16T00:00:00.000Z",
"ID": "CVE-2020-11931",
"STATE": "PUBLIC",
"TITLE": "Ubuntu modifications to pulseaudio to provide snap security enforcement could be unloaded"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pulseaudio",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1:8.0",
"version_value": "1:8.0-0ubuntu3.12"
},
{
"version_affected": "\u003c",
"version_name": "1:11.1",
"version_value": "1:11.1-1ubuntu7.7"
},
{
"version_affected": "\u003c",
"version_name": "1:13.0",
"version_value": "1:13.0-1ubuntu1.2"
},
{
"version_affected": "\u003c",
"version_name": "1:13.99.1",
"version_value": "1:13.99.1-1ubuntu3.2"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "James Henstridge"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2;"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3",
"refsource": "MISC",
"url": "https://forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3"
},
{
"name": "USN-4355-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4355-1/"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4355-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1877102"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-11931",
"datePublished": "2020-05-15T03:25:11.587553Z",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-09-17T00:41:25.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3970 (GCVE-0-2014-3970)
Vulnerability from cvelistv5 – Published: 2014-06-11 14:00 – Updated: 2024-08-06 10:57
Summary
The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.
Severity
No CVSS data available.
CWE
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "67814",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67814"
},
{
"name": "MDVSA-2015:134",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:134"
},
{
"name": "[oss-security] 20140604 CVE request: PulseAudio crash due to empty UDP packet",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/429"
},
{
"name": "[pulseaudio-discuss] 20140531 Remotely triggerable crash in module-rtp-recv",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0440.html"
},
{
"name": "60624",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60624"
},
{
"name": "[oss-security] 20140604 Re: CVE request: PulseAudio crash due to empty UDP packet",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/437"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "67814",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67814"
},
{
"name": "MDVSA-2015:134",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:134"
},
{
"name": "[oss-security] 20140604 CVE request: PulseAudio crash due to empty UDP packet",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/429"
},
{
"name": "[pulseaudio-discuss] 20140531 Remotely triggerable crash in module-rtp-recv",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0440.html"
},
{
"name": "60624",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60624"
},
{
"name": "[oss-security] 20140604 Re: CVE request: PulseAudio crash due to empty UDP packet",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/437"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67814",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67814"
},
{
"name": "MDVSA-2015:134",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:134"
},
{
"name": "[oss-security] 20140604 CVE request: PulseAudio crash due to empty UDP packet",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/429"
},
{
"name": "[pulseaudio-discuss] 20140531 Remotely triggerable crash in module-rtp-recv",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0440.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0440.html"
},
{
"name": "60624",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60624"
},
{
"name": "[oss-security] 20140604 Re: CVE request: PulseAudio crash due to empty UDP packet",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/437"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3970",
"datePublished": "2014-06-11T14:00:00",
"dateReserved": "2014-06-04T00:00:00",
"dateUpdated": "2024-08-06T10:57:18.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1299 (GCVE-0-2009-1299)
Vulnerability from cvelistv5 – Published: 2010-03-18 17:12 – Updated: 2024-08-07 05:04
Summary
The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.
Severity
No CVSS data available.
CWE
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.0pointer.de/?p=pulseaudio.git%3Ba=patch%3Bh=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee"
},
{
"name": "MDVSA-2010:124",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:124"
},
{
"name": "ADV-2010-1570",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1570"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615"
},
{
"name": "DSA-2017",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-30T09:00:00",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.0pointer.de/?p=pulseaudio.git%3Ba=patch%3Bh=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee"
},
{
"name": "MDVSA-2010:124",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:124"
},
{
"name": "ADV-2010-1570",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1570"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615"
},
{
"name": "DSA-2017",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2009-1299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008",
"refsource": "CONFIRM",
"url": "https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008"
},
{
"name": "http://git.0pointer.de/?p=pulseaudio.git;a=patch;h=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee",
"refsource": "CONFIRM",
"url": "http://git.0pointer.de/?p=pulseaudio.git;a=patch;h=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee"
},
{
"name": "MDVSA-2010:124",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:124"
},
{
"name": "ADV-2010-1570",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1570"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615"
},
{
"name": "DSA-2017",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2009-1299",
"datePublished": "2010-03-18T17:12:00",
"dateReserved": "2009-04-15T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1894 (GCVE-0-2009-1894)
Vulnerability from cvelistv5 – Published: 2009-07-17 16:00 – Updated: 2024-08-07 05:27
Summary
Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.
Severity
No CVSS data available.
CWE
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35868",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35868"
},
{
"name": "MDVSA-2009:171",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:171"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html"
},
{
"name": "pulseaudio-suid-privilege-escalation(51804)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51804"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.akitasecurity.nl/advisory.php?id=AK20090602"
},
{
"name": "MDVSA-2009:152",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:152"
},
{
"name": "35886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35886"
},
{
"name": "35721",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35721"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=510071"
},
{
"name": "20090717 PulseAudio local race condition privilege escalation vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/505052/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2"
},
{
"name": "DSA-1838",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1838"
},
{
"name": "35896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35896"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://taviso.decsystem.org/research.html"
},
{
"name": "GLSA-200907-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200907-13.xml"
},
{
"name": "USN-804-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-804-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "35868",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35868"
},
{
"name": "MDVSA-2009:171",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:171"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html"
},
{
"name": "pulseaudio-suid-privilege-escalation(51804)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51804"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.akitasecurity.nl/advisory.php?id=AK20090602"
},
{
"name": "MDVSA-2009:152",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:152"
},
{
"name": "35886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35886"
},
{
"name": "35721",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35721"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=510071"
},
{
"name": "20090717 PulseAudio local race condition privilege escalation vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/505052/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2"
},
{
"name": "DSA-1838",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1838"
},
{
"name": "35896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35896"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://taviso.decsystem.org/research.html"
},
{
"name": "GLSA-200907-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200907-13.xml"
},
{
"name": "USN-804-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-804-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-1894",
"datePublished": "2009-07-17T16:00:00",
"dateReserved": "2009-06-02T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0008 (GCVE-0-2008-0008)
Vulnerability from cvelistv5 – Published: 2008-01-28 23:00 – Updated: 2024-08-07 07:32
Summary
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.
Severity
No CVSS data available.
CWE
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:027",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:027"
},
{
"name": "27449",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27449"
},
{
"name": "28623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28623"
},
{
"name": "[pulseaudio-discuss] 20080124 [ANNOUNCE] PulseAudio 0.9.9",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pulseaudio.org/changeset/2100"
},
{
"name": "ADV-2008-0283",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0283"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=207214"
},
{
"name": "DSA-1476",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1476"
},
{
"name": "FEDORA-2008-0963",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=425481"
},
{
"name": "GLSA-200802-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-07.xml"
},
{
"name": "FEDORA-2008-0994",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html"
},
{
"name": "28738",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28738"
},
{
"name": "pulseaudio-padroproot-privilege-escalation(39992)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39992"
},
{
"name": "USN-573-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-573-1"
},
{
"name": "28952",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28952"
},
{
"name": "28608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28608"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=347822"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "MDVSA-2008:027",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:027"
},
{
"name": "27449",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27449"
},
{
"name": "28623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28623"
},
{
"name": "[pulseaudio-discuss] 20080124 [ANNOUNCE] PulseAudio 0.9.9",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pulseaudio.org/changeset/2100"
},
{
"name": "ADV-2008-0283",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0283"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=207214"
},
{
"name": "DSA-1476",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1476"
},
{
"name": "FEDORA-2008-0963",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=425481"
},
{
"name": "GLSA-200802-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-07.xml"
},
{
"name": "FEDORA-2008-0994",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html"
},
{
"name": "28738",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28738"
},
{
"name": "pulseaudio-padroproot-privilege-escalation(39992)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39992"
},
{
"name": "USN-573-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-573-1"
},
{
"name": "28952",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28952"
},
{
"name": "28608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28608"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=347822"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-0008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2008:027",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:027"
},
{
"name": "27449",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27449"
},
{
"name": "28623",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28623"
},
{
"name": "[pulseaudio-discuss] 20080124 [ANNOUNCE] PulseAudio 0.9.9",
"refsource": "MLIST",
"url": "https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html"
},
{
"name": "http://pulseaudio.org/changeset/2100",
"refsource": "CONFIRM",
"url": "http://pulseaudio.org/changeset/2100"
},
{
"name": "ADV-2008-0283",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0283"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=207214",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=207214"
},
{
"name": "DSA-1476",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1476"
},
{
"name": "FEDORA-2008-0963",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=425481",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=425481"
},
{
"name": "GLSA-200802-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200802-07.xml"
},
{
"name": "FEDORA-2008-0994",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html"
},
{
"name": "28738",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28738"
},
{
"name": "pulseaudio-padroproot-privilege-escalation(39992)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39992"
},
{
"name": "USN-573-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-573-1"
},
{
"name": "28952",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28952"
},
{
"name": "28608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28608"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=347822",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=347822"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-0008",
"datePublished": "2008-01-28T23:00:00",
"dateReserved": "2007-12-03T00:00:00",
"dateUpdated": "2024-08-07T07:32:23.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1804 (GCVE-0-2007-1804)
Vulnerability from cvelistv5 – Published: 2007-04-02 23:00 – Updated: 2024-08-07 13:06
Summary
PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25431",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25431"
},
{
"name": "MDVSA-2008:065",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:065"
},
{
"name": "ADV-2007-1214",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1214"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/pulsex-adv.txt"
},
{
"name": "pulseaudio-assert-dos(33315)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33315"
},
{
"name": "SUSE-SR:2007:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html"
},
{
"name": "23240",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23240"
},
{
"name": "USN-465-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-465-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/poc/pulsex.zip"
},
{
"name": "25787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25787"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p-\u003eexport assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25431",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25431"
},
{
"name": "MDVSA-2008:065",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:065"
},
{
"name": "ADV-2007-1214",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1214"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/pulsex-adv.txt"
},
{
"name": "pulseaudio-assert-dos(33315)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33315"
},
{
"name": "SUSE-SR:2007:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html"
},
{
"name": "23240",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23240"
},
{
"name": "USN-465-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-465-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/poc/pulsex.zip"
},
{
"name": "25787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25787"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p-\u003eexport assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25431",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25431"
},
{
"name": "MDVSA-2008:065",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:065"
},
{
"name": "ADV-2007-1214",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1214"
},
{
"name": "http://aluigi.altervista.org/adv/pulsex-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/pulsex-adv.txt"
},
{
"name": "pulseaudio-assert-dos(33315)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33315"
},
{
"name": "SUSE-SR:2007:013",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html"
},
{
"name": "23240",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23240"
},
{
"name": "USN-465-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-465-1"
},
{
"name": "http://aluigi.org/poc/pulsex.zip",
"refsource": "MISC",
"url": "http://aluigi.org/poc/pulsex.zip"
},
{
"name": "25787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25787"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1804",
"datePublished": "2007-04-02T23:00:00",
"dateReserved": "2007-04-02T00:00:00",
"dateUpdated": "2024-08-07T13:06:26.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}