Launchpad CVE tracker

CVE 2008-0008

The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.

Related bugs and status

CVE-2008-0008 (Candidate) is related to these bugs:

Bug #185534: [SECURITY] Fix unchecked setuid() return values (feisty-security, gutsy)

		In	Importance	Status
185534	[SECURITY] Fix unchecked setuid() return values (feisty-security, gutsy)	pulseaudio (Ubuntu)	High	Fix Released
185534	[SECURITY] Fix unchecked setuid() return values (feisty-security, gutsy)	pulseaudio (Ubuntu Feisty)	High	Fix Released
185534	[SECURITY] Fix unchecked setuid() return values (feisty-security, gutsy)	pulseaudio (Ubuntu Gutsy)	High	Fix Released

Bug #186571: [pulseaudio] [CVE-2008-0008] programming error which could lead to localprivilege escalation

Summary				In	Importance	Status
	186571	[pulseaudio] [CVE-2008-0008] programming error which could lead to localprivilege escalation		pulseaudio (Ubuntu)	Undecided	New

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-0008

References