Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.9
CVSSv2

CVE-2009-1299

Published: 18/03/2010 Updated: 07/11/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 614
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Pulseaudio

Vulnerability Summary

The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.

Vulnerable Product Search on Vulmon Subscribe to Product

pulseaudio pulseaudio 0.9.10

pulseaudio pulseaudio 0.9.19

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2009-1299: insecure temporary file creation
Debian Bug report logs - #573615 CVE-2009-1299: insecure temporary file creation Package: pulseaudio; Maintainer for pulseaudio is Pulseaudio maintenance team <pkg-pulseaudio-devel@listsaliothdebianorg>; Source for pulseaudio is src:pulseaudio (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <iuculano@debianorg&gt ...

References

CWE-59https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615http://www.debian.org/security/2010/dsa-2017http://www.mandriva.com/security/advisories?name=MDVSA-2010:124http://www.vupen.com/english/advisories/2010/1570http://git.0pointer.de/?p=pulseaudio.git%3Ba=patch%3Bh=d3efa43d85ac132c6a5a416a2b6f2115f5d577eehttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook