CVE-2009-1894

Published: 17/07/2009 Updated: 13/02/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 730
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.

Vulnerable Product

pulseaudio pulseaudio 0.9.10

pulseaudio pulseaudio 0.9.9

pulseaudio pulseaudio 0.9.14

Vendor Advisories

Tavis Ormandy, Julien Tinnes, and Yorick Koster discovered that PulseAudio did not safely re-execute itself. A local attacker could exploit this to gain root privileges ...
Debian Bug report logs - #537351 pulsaudio: CVE-2009-1894 race allows privilege escalation to root. Package: pulseaudio; Maintainer for pulseaudio is Pulseaudio maintenance team <pkg-pulseaudio-devel@lists.alioth.debian.org>; Source for pulseaudio is src:pulseaudio. Reported by: Nico Golde <nion@debian ...

Exploits

PulseAudio setuid Local Privilege Escalation Vulnerability. www.securityfocus.com/bid/35721. Credit for discovery of bug: Tavis Ormandy, Julien Tinnes and Yorick Koster. -- Put files in /tmp/pulseaudio-exp (or change config.h). Must be on same fs as the pulseaudio binary. Goes faster if you already have a pulseaudio running ? :p Tested wi ...
#!/bin/bash pulseaudio=`which pulseaudio` workdir="/tmp" #workdir=$HOME id=`which id` shell=`which sh` trap cleanup INT function cleanup() { rm -f $workdir/sh $workdir/sh.c $workdir/pa_race $workdir/pa_race.c rm -rf $workdir/PATMP* } cat > $workdir/pa_race.c << __EOF__ #include <stdio.h> #include <stdlib.h> #include < ...
The GNU C library dynamic linker suffers from an $ORIGIN expansion vulnerability ...