syslog.0/user.log DoS attacked by PulseAudio/ALSA

Bug #323712 reported by Hebert on 2009-01-31
4
Affects Status Importance Assigned to Milestone
PulseAudio
New
Undecided
Unassigned
pulseaudio (Ubuntu)
Low
Unassigned

Bug Description

Binary package hint: rsyslog

This is a very NASTY bug.

PulseAudio/ALSA is flooding (DoS) syslog/user.log with the following message:

pulseaudio[4044]: module-alsa-sink.c: ALSA woke us up to write new data to the device, but there was actually nothing to write! Most likely this is an ALSA driver bug. Please report this issue to the ALSA developers. We were woken up with POLLOUT set -- however a subsequent snd_pcm_avail_update() returned 0.

it is crashing the system.

My / (6GB root) partition is full, unbearable to use jaunty. I can't even listen to online music.

Each file has a size of 1.2GB, and I already deleted it, but is only necessary a couple of hours to reach 1.2 GB (each) again!

alsa-base:
  Instalado: 1.0.18.dfsg-1ubuntu2
  Candidato: 1.0.18.dfsg-1ubuntu2
  Tabela de versão:
 *** 1.0.18.dfsg-1ubuntu2 0
        500 http://archive.ubuntu.com jaunty/main Packages
        100 /var/lib/dpkg/status

pulseaudio:
  Instalado: 0.9.14-0ubuntu2
  Candidato: 0.9.14-0ubuntu2
  Tabela de versão:
 *** 0.9.14-0ubuntu2 0
        500 http://archive.ubuntu.com jaunty/main Packages
        100 /var/lib/dpkg/status

Distributor ID: Ubuntu
Description: Ubuntu jaunty (development branch)
Release: 9.04
Codename: jaunty

more info at: https://bugzilla.redhat.com/show_bug.cgi?id=478912

Anyone?

Marc Deslauriers (mdeslaur) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

Daniel T Chen (crimsun) wrote :

rate limiting added in 0.9.15-test*

Changed in rsyslog:
importance: Undecided → Low
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pulseaudio - 0.9.14-0ubuntu6

---------------
pulseaudio (0.9.14-0ubuntu6) jaunty; urgency=low

  * 0004_disable_autospawn.patch: Disable this patch. Doing so
    allows the daemon to spawn if not already running, which
    works around LP: #191027, #204272
  * 0012_clarify_driver_error_redirect_to_alsa_devs.patch:
    - Only log POLL* being set if tsched is used so that syslog
      isn't filled with innocuous messages when we set tsched=0
      (see 0030 below) (LP: #323712),
    - Hint 'linux' source package instead of 'alsa-driver' for
      Launchpad bug reports,
    - The debug-specific portion is only applicable to 0.9.14;
      0.9.15 enables a rate limiting module by default to work
      around this (and other) issues
  * 0029_fix_suspend_on_idle_null_race.patch: Handle sink case,
    too
  * 0030_set_tsched0.patch: Work around a shedload of (driver)
    bugs by falling back to interrupt-based buffer semantics
    (LP: #190754, #292880, #295519, #298494, #301755, #302964,
     LP: #319118, #323976, #324103, #326205, #326864)
  * Backport fixes from git HEAD:
    - 0031_fix_6chan_map.patch,
    - 0032_reinit_proplist.patch,
    - 0033_fix_pa-gcc-packedmalloc.patch,
    - 0034_bt_fixes.patch
  * Make invoking the stop target in the initscript not fail an
    upgrade (LP: #317921)
  * Previous upload (0.9.14-0ubuntu3) fixed LP: #321357
  * 01PulseAudio: use sudo -H to ensure that $HOME is, in fact,
    the user's when invoking pacmd for suspend/resume

 -- Daniel T Chen <email address hidden> Sun, 15 Feb 2009 02:35:26 -0500

Changed in pulseaudio:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers