Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-1894

Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.

Related bugs and status

CVE-2009-1894 (Candidate) is related to these bugs:

Bug #400804: Please update PulseAudio to fix security vulnerability

Summary				In	Importance	Status
	400804	Please update PulseAudio to fix security vulnerability		The Dell Mini Project	Undecided	Fix Committed

See the

CVE page on Mitre.org for more details.

References

MISC: http://blog.cr0.org/20...
MISC: http://taviso.decsyste...
MISC: http://www.akitasecuri...
MISC: http://www.securityfoc...
MISC: http://www.securityfoc...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://www.debian.org/...
MISC: http://security.gentoo...
MISC: http://www.mandriva.co...
MISC: http://www.mandriva.co...
MISC: https://bugzilla.redha...
MISC: http://www.ubuntu.com/...
MISC: https://admin.fedorapr...
MISC: https://exchange.xforc...