1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
Candidate: CVE-2009-1299
PublicDate: 2010-03-18
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1299
Description:
The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and
0.9.19 allows local users to change the ownership and permissions of
arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.
Ubuntu-Description:
Notes:
Bugs:
https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615
Priority: low
Discovered-by: Dan Rosenberg
Assigned-to:
Patches_pulseaudio:
upstream: http://git.0pointer.de/?p=pulseaudio.git;a=patch;h=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee
upstream_pulseaudio: released (0.9.22)
dapper_pulseaudio: DNE
hardy_pulseaudio: ignored (reached end-of-life)
intrepid_pulseaudio: needed (reached end-of-life)
jaunty_pulseaudio: ignored (reached end-of-life)
karmic_pulseaudio: ignored (reached end-of-life)
lucid_pulseaudio: released (1:0.9.22~0.9.21+stable-queue-32-g8478-0ubuntu12)
maverick_pulseaudio: not-affected
natty_pulseaudio: not-affected
devel_pulseaudio: not-affected
|