Описание
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.
Ссылки
- Third Party Advisory
- Exploit
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Vendor Advisory
- Issue Tracking
- Issue Tracking
- VDB Entry
- Broken Link
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Exploit
Уязвимые конфигурации
Одновременно
Одно из
Одно из
EPSS
7.2 High
CVSS2
Дефекты
Связанные уязвимости
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 bui ...
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.
EPSS
7.2 High
CVSS2