The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pulseaudio pulseaudio 0.9.10 |
||
pulseaudio pulseaudio 0.9.19 |