Gentoo Logo

PulseAudio: Local privilege escalation

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200907-13 / pulseaudio
Release Date July 16, 2009
Latest Revision July 16, 2009: 01
Impact high
Exploitable local
Package Vulnerable versions Unaffected versions Architecture(s)
media-sound/pulseaudio < 0.9.9-r54 >= 0.9.9-r54 All supported architectures

Related bugreports: #276986

Synopsis

A vulnerability in PulseAudio may allow a local user to execute code with escalated privileges.

2.  Impact Information

Background

PulseAudio is a network-enabled sound server with an advanced plug-in system.

Description

Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that the pulseaudio binary is installed setuid root, and does not drop privileges before re-executing itself. The vulnerability has independently been reported to oCERT by Yorick Koster.

Impact

A local user who has write access to any directory on the file system containing /usr/bin can exploit this vulnerability using a race condition to execute arbitrary code with root privileges.

3.  Resolution Information

Workaround

Ensure that the file system holding /usr/bin does not contain directories that are writable for unprivileged users.

Resolution

All PulseAudio users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/pulseaudio-0.9.9-r54"

4.  References

Print

Page updated July 16, 2009

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.