Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.9
CVE Id CVE-2009-1299
Last Modified 29 Jun 2010 07:04:40
Published 18 Mar 2010 01:30:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1299

Summary

The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.

Vulnerable Systems

Application

  • PulseAudio 0.9.10

  • PulseAudio 0.9.19


References

CONFIRM - https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008

VUPEN - ADV-2010-1570

MANDRIVA - MDVSA-2010:124

DEBIAN - DSA-2017

CONFIRM - http://git.0pointer.de/?p=pulseaudio.git;a=patch;h=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615


Last Updated: 27 May 2016 10:50:31