CVE-2009-1299

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-1299 at MITRE

Description

The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.

NVD CVSS v2 Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 584938

SUSE Security Advisories:

SUSE-SR:2010:007, published Tue, 30 Mar 2010 10:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE 11.0	`pulseaudio-debuginfo >= 0.9.10-26.7` `pulseaudio-debugsource >= 0.9.10-26.7`
openSUSE 11.0	`libpulse-browse0 >= 0.9.10-26.7` `libpulse-devel >= 0.9.10-26.7` `libpulse-mainloop-glib0 >= 0.9.10-26.7` `libpulse0 >= 0.9.10-26.7` `libpulse0-32bit >= 0.9.10-26.7` `libpulse0-64bit >= 0.9.10-26.7` `libpulsecore4 >= 0.9.10-26.7` `pulseaudio >= 0.9.10-26.7` `pulseaudio-esound-compat >= 0.9.10-26.7` `pulseaudio-module-bluetooth >= 0.9.10-26.7` `pulseaudio-module-gconf >= 0.9.10-26.7` `pulseaudio-module-jack >= 0.9.10-26.7` `pulseaudio-module-lirc >= 0.9.10-26.7` `pulseaudio-module-x11 >= 0.9.10-26.7` `pulseaudio-module-zeroconf >= 0.9.10-26.7` `pulseaudio-utils >= 0.9.10-26.7`
openSUSE 11.1	`pulseaudio-debuginfo >= 0.9.14-2.3.1` `pulseaudio-debugsource >= 0.9.14-2.3.1`
openSUSE 11.1	`libpulse-browse0 >= 0.9.14-2.3.1` `libpulse-devel >= 0.9.14-2.3.1` `libpulse-mainloop-glib0 >= 0.9.14-2.3.1` `libpulse0 >= 0.9.14-2.3.1` `libpulse0-32bit >= 0.9.14-2.3.1` `pulseaudio >= 0.9.14-2.3.1` `pulseaudio-esound-compat >= 0.9.14-2.3.1` `pulseaudio-lang >= 0.9.14-2.3.1` `pulseaudio-module-bluetooth >= 0.9.14-2.3.1` `pulseaudio-module-gconf >= 0.9.14-2.3.1` `pulseaudio-module-jack >= 0.9.14-2.3.1` `pulseaudio-module-lirc >= 0.9.14-2.3.1` `pulseaudio-module-x11 >= 0.9.14-2.3.1` `pulseaudio-module-zeroconf >= 0.9.14-2.3.1` `pulseaudio-utils >= 0.9.14-2.3.1`
openSUSE 11.2	`libpulse-browse0-debuginfo >= 0.9.21-1.2.1` `libpulse-mainloop-glib0-debuginfo >= 0.9.21-1.2.1` `libpulse0-debuginfo >= 0.9.21-1.2.1` `libpulse0-debuginfo-32bit >= 0.9.21-1.2.1` `pulseaudio-debuginfo >= 0.9.21-1.2.1` `pulseaudio-debugsource >= 0.9.21-1.2.1` `pulseaudio-module-bluetooth-debuginfo >= 0.9.21-1.2.1` `pulseaudio-module-gconf-debuginfo >= 0.9.21-1.2.1` `pulseaudio-module-jack-debuginfo >= 0.9.21-1.2.1` `pulseaudio-module-lirc-debuginfo >= 0.9.21-1.2.1` `pulseaudio-module-x11-debuginfo >= 0.9.21-1.2.1` `pulseaudio-module-zeroconf-debuginfo >= 0.9.21-1.2.1` `pulseaudio-utils-debuginfo >= 0.9.21-1.2.1`
openSUSE 11.2	`libpulse-browse0 >= 0.9.21-1.2.1` `libpulse-devel >= 0.9.21-1.2.1` `libpulse-mainloop-glib0 >= 0.9.21-1.2.1` `libpulse0 >= 0.9.21-1.2.1` `libpulse0-32bit >= 0.9.21-1.2.1` `pulseaudio >= 0.9.21-1.2.1` `pulseaudio-esound-compat >= 0.9.21-1.2.1` `pulseaudio-gdm-hooks >= 0.9.21-1.2.1` `pulseaudio-lang >= 0.9.21-1.2.1` `pulseaudio-module-bluetooth >= 0.9.21-1.2.1` `pulseaudio-module-gconf >= 0.9.21-1.2.1` `pulseaudio-module-jack >= 0.9.21-1.2.1` `pulseaudio-module-lirc >= 0.9.21-1.2.1` `pulseaudio-module-x11 >= 0.9.21-1.2.1` `pulseaudio-module-zeroconf >= 0.9.21-1.2.1` `pulseaudio-utils >= 0.9.21-1.2.1`

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy