Gentoo Archives: gentoo-announce

From: Pierre-Yves Rofes <py@g.o>
To: gentoo-announce@l.g.o
Cc: full-disclosure@××××××××××××××.uk, bugtraq@×××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200802-07 ] Pulseaudio: Privilege escalation
Date: Wed, 13 Feb 2008 22:57:21
Message-Id: 47B37540.5050904@gentoo.org
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
5 Gentoo Linux Security Advisory GLSA 200802-07
6 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
7 http://security.gentoo.org/
8 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
9
10 Severity: High
11 Title: Pulseaudio: Privilege escalation
12 Date: February 13, 2008
13 Bugs: #207214
14 ID: 200802-07
15
16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
17
18 Synopsis
19 ========
20
21 A vulnerability in pulseaudio may allow a local user to execute actions
22 with escalated privileges.
23
24 Background
25 ==========
26
27 Pulseaudio is a networked sound server with an advanced plugin system.
28
29 Affected packages
30 =================
31
32 -------------------------------------------------------------------
33 Package / Vulnerable / Unaffected
34 -------------------------------------------------------------------
35 1 media-sound/pulseaudio < 0.9.9 >= 0.9.9
36
37 Description
38 ===========
39
40 Marcus Meissner from SUSE reported that the pa_drop_root() function
41 does not properly check the return value of the system calls setuid(),
42 seteuid(), setresuid() and setreuid() when dropping its privileges.
43
44 Impact
45 ======
46
47 A local attacker could cause a resource exhaustion to make the system
48 calls fail, which would cause Pulseaudio to run as root. The attacker
49 could then perform actions with root privileges.
50
51 Workaround
52 ==========
53
54 There is no known workaround at this time.
55
56 Resolution
57 ==========
58
59 All Pulseaudio users should upgrade to the latest version:
60
61 # emerge --sync
62 # emerge --ask --oneshot --verbose ">=media-sound/pulseaudio-0.9.9"
63
64 References
65 ==========
66
67 [ 1 ] CVE-2008-0008
68 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0008
69
70 Availability
71 ============
72
73 This GLSA and any updates to it are available for viewing at
74 the Gentoo Security Website:
75
76 http://security.gentoo.org/glsa/glsa-200802-07.xml
77
78 Concerns?
79 =========
80
81 Security is a primary focus of Gentoo Linux and ensuring the
82 confidentiality and security of our users machines is of utmost
83 importance to us. Any security concerns should be addressed to
84 security@g.o or alternatively, you may file a bug at
85 http://bugs.gentoo.org.
86
87 License
88 =======
89
90 Copyright 2008 Gentoo Foundation, Inc; referenced text
91 belongs to its owner(s).
92
93 The contents of this document are licensed under the
94 Creative Commons - Attribution / Share Alike license.
95
96 http://creativecommons.org/licenses/by-sa/2.5
97 -----BEGIN PGP SIGNATURE-----
98 Version: GnuPG v2.0.7 (GNU/Linux)
99 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
100
101 iD8DBQFHs3VAuhJ+ozIKI5gRArmoAJ9SCqxjbnAssnUt34QI8HtpLXzg8QCfQ1tl
102 25xRVcl7FL2lc0RTu8mGqgo=
103 =cDWF
104 -----END PGP SIGNATURE-----
105 --
106 gentoo-announce@l.g.o mailing list