Required CVE Record Information
Description
Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.
References 16 Total
- secunia.com: 35868 third-party-advisory
- mandriva.com: MDVSA-2009:171 vendor-advisory
- http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html
- exchange.xforce.ibmcloud.com: pulseaudio-suid-privilege-escalation(51804) vdb-entry
- http://www.akitasecurity.nl/advisory.php?id=AK20090602
- mandriva.com: MDVSA-2009:152 vendor-advisory
- secunia.com: 35886 third-party-advisory
- securityfocus.com: 35721 vdb-entry
- https://bugzilla.redhat.com/show_bug.cgi?id=510071
- securityfocus.com: 20090717 PulseAudio local race condition privilege escalation vulnerability mailing-list
- https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2
- debian.org: DSA-1838 vendor-advisory
- secunia.com: 35896 third-party-advisory
- http://taviso.decsystem.org/research.html
- security.gentoo.org: GLSA-200907-13 vendor-advisory
- ubuntu.com: USN-804-1 vendor-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 16 Total
- secunia.com: 35868 third-party-advisoryx_transferred
- mandriva.com: MDVSA-2009:171 vendor-advisoryx_transferred
- http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html x_transferred
- exchange.xforce.ibmcloud.com: pulseaudio-suid-privilege-escalation(51804) vdb-entryx_transferred
- http://www.akitasecurity.nl/advisory.php?id=AK20090602 x_transferred
- mandriva.com: MDVSA-2009:152 vendor-advisoryx_transferred
- secunia.com: 35886 third-party-advisoryx_transferred
- securityfocus.com: 35721 vdb-entryx_transferred
- https://bugzilla.redhat.com/show_bug.cgi?id=510071 x_transferred
- securityfocus.com: 20090717 PulseAudio local race condition privilege escalation vulnerability mailing-listx_transferred
- https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2 x_transferred
- debian.org: DSA-1838 vendor-advisoryx_transferred
- secunia.com: 35896 third-party-advisoryx_transferred
- http://taviso.decsystem.org/research.html x_transferred
- security.gentoo.org: GLSA-200907-13 vendor-advisoryx_transferred
- ubuntu.com: USN-804-1 vendor-advisoryx_transferred