CVE-2008-0008: Input Validation
First published: Fri Dec 14 2007(Updated: )
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/0.9.8 | <5. | 5. |
| All of | ||
| Any of | ||
| Mandrake Linux | =2007.1 | |
| Mandrake Linux | =2007.1 | |
| Mandrake Linux | =2008.0 | |
| Mandrake Linux | =2008.0 | |
| Fedora | =7 | |
| Fedora | =8 | |
| Any of | ||
| PulseAudio | =0.9.6 | |
| PulseAudio | =0.9.8 | |
| Mandrake Linux | =2007.1 | |
| Mandrake Linux | =2007.1 | |
| Mandrake Linux | =2008.0 | |
| Mandrake Linux | =2008.0 | |
| Fedora | =7 | |
| Fedora | =8 | |
| PulseAudio | =0.9.6 | |
| PulseAudio | =0.9.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html
- http://pulseaudio.org/changeset/2100
- https://bugzilla.novell.com/show_bug.cgi?id=347822
- https://bugzilla.redhat.com/show_bug.cgi?id=425481
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html
- http://www.securityfocus.com/bid/27449
- http://secunia.com/advisories/28623
- http://www.debian.org/security/2008/dsa-1476
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:027
- http://secunia.com/advisories/28608
- http://www.ubuntu.com/usn/usn-573-1
- http://secunia.com/advisories/28738
- http://security.gentoo.org/glsa/glsa-200802-07.xml
- http://bugs.gentoo.org/show_bug.cgi?id=207214
- http://secunia.com/advisories/28952
- http://www.vupen.com/english/advisories/2008/0283
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39992
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=290146&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=290146&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=292647&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=292647&action=edit
Frequently Asked Questions
What is the severity of CVE-2008-0008?
CVE-2008-0008 is considered to have a critical impact as it may allow local users to gain elevated privileges.
How do I fix CVE-2008-0008?
To fix CVE-2008-0008, upgrade to PulseAudio version 0.9.9 or later, which addresses the privilege dropping issue.
Which versions of PulseAudio are affected by CVE-2008-0008?
PulseAudio versions 0.9.8 and 0.9.6 are affected by CVE-2008-0008.
Can CVE-2008-0008 affect all Linux distributions?
CVE-2008-0008 primarily affects distributions that utilize the vulnerable versions of PulseAudio, such as certain versions of Red Hat and Mandrake Linux.
Is CVE-2008-0008 a remote vulnerability?
CVE-2008-0008 is not remote; it requires local access to exploit the privilege escalation vulnerability.
- collector/nvd-historical
- agent/references
- agent/type
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-0008
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/redhat
- vendor/mandrakesoft
- canonical/mandrake linux
- version/mandrake linux/2007.1
- version/mandrake linux/2008.0
- vendor/redhat
- canonical/fedora
- version/fedora/7
- version/fedora/8
- vendor/pulseaudio
- canonical/pulseaudio
- version/pulseaudio/0.9.6
- version/pulseaudio/0.9.8