// For flags

CVE-2009-1894

PulseAudio setuid (Ubuntu 9.04 / Slackware 12.2.0) - Local Privilege Escalation

Severity Score

7.2
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.

Condición de carrera en PulseAudio v0.9.9, v0.9.10, y v0.9.14 permite a usuarios locales conseguir privilegios a través de vectores que implican la creación de "hard links", relativo a fijar la configuración de LD_BIND_NOW a 1, y entonces, llamar a execv con el objetivo /proc/self/exe symlink.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-06-02 CVE Reserved
  • 2009-07-17 CVE Published
  • 2009-07-20 First Exploit
  • 2023-03-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Pulseaudio
Search vendor "Pulseaudio"
Pulseaudio
Search vendor "Pulseaudio" for product "Pulseaudio"
0.9.9
Search vendor "Pulseaudio" for product "Pulseaudio" and version "0.9.9"
-
Affected
Pulseaudio
Search vendor "Pulseaudio"
Pulseaudio
Search vendor "Pulseaudio" for product "Pulseaudio"
0.9.10
Search vendor "Pulseaudio" for product "Pulseaudio" and version "0.9.10"
-
Affected
Pulseaudio
Search vendor "Pulseaudio"
Pulseaudio
Search vendor "Pulseaudio" for product "Pulseaudio"
0.9.14
Search vendor "Pulseaudio" for product "Pulseaudio" and version "0.9.14"
-
Affected