Vulnerability Details : CVE-2008-0008
Potential exploit
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.
Products affected by CVE-2008-0008
- cpe:2.3:a:pulseaudio:pulseaudio:0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:pulseaudio:pulseaudio:0.9.8:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-0008
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 12 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-0008
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2008-0008
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-0008
-
http://secunia.com/advisories/28952
About Secunia Research | FlexeraVendor Advisory
-
http://www.ubuntu.com/usn/usn-573-1
USN-573-1: PulseAudio vulnerability | Ubuntu security notices | UbuntuThird Party Advisory
-
http://bugs.gentoo.org/show_bug.cgi?id=207214
207214 – (CVE-2008-0008) media-sound/pulseaudio < 0.9.9 Pulseaudio ignores setuid() return value (CVE-2008-0008)Third Party Advisory
-
https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html
Broken Link
-
http://secunia.com/advisories/28608
About Secunia Research | FlexeraVendor Advisory
-
http://secunia.com/advisories/28738
About Secunia Research | FlexeraVendor Advisory
-
http://www.vupen.com/english/advisories/2008/0283
Webmail: access your OVH emails on ovhcloud.com | OVHcloudVendor Advisory
-
http://www.securityfocus.com/bid/27449
Third Party Advisory;VDB Entry
-
http://security.gentoo.org/glsa/glsa-200802-07.xml
Pulseaudio: Privilege escalation (GLSA 200802-07) — Gentoo securityThird Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/39992
PulseAudio pa_drop_root function privilege escalation CVE-2008-0008 Vulnerability ReportVDB Entry
-
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html
[SECURITY] Fedora 7 Update: pulseaudio-0.9.6-2.fc7.1Third Party Advisory
-
http://www.debian.org/security/2008/dsa-1476
[SECURITY] [DSA 1476-1] New pulseaudio packages fix privilege escalationThird Party Advisory
-
https://bugzilla.novell.com/show_bug.cgi?id=347822
Access DeniedIssue Tracking
-
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html
[SECURITY] Fedora 8 Update: pulseaudio-0.9.8-5.fc8Third Party Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:027
Advisories | MandrivaThird Party Advisory
-
http://secunia.com/advisories/28623
About Secunia Research | FlexeraVendor Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=425481
425481 – (CVE-2008-0008) CVE-2008-0008 Pulseaudio ignores setuid() return valueIssue Tracking
-
http://pulseaudio.org/changeset/2100
404 Not FoundExploit
Jump to