MDVSA-2009:152 -- Mandriva pulseaudio
ID: oval:org.secpod.oval:def:301222 | Date: (C)2012-01-07 (M)2023-02-20 |
Class: PATCH | Family: unix |
A vulnerability has been found and corrected in pulseaudio: Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that pulseaudio, when installed setuid root, does not drop privileges before re-executing itself to achieve immediate bindings. This can be exploited by a user who has write access to any directory on the file system containing /usr/bin to gain local root access. The user needs to exploit a race condition related to creating a hard link. This update provides fixes for this vulnerability.
Platform: |
Mandriva Linux 2009.0 |
Mandriva Linux 2009.1 |
Mandriva Linux 2008.1 |