cpe:/a:pulseaudio:pulseaudio:0.9.6 cpe:/a:pulseaudio:pulseaudio:0.9.8 CVE-2008-0008 2008-01-28T19:00:00.000-05:00 2017-07-28T21:34:06.727-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-01-29T12:18:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 27449 SECUNIA 28608 SECUNIA 28623 SECUNIA 28738 SECUNIA 28952 VUPEN ADV-2008-0283 DEBIAN DSA-1476 FEDORA FEDORA-2008-0963 FEDORA FEDORA-2008-0994 GENTOO GLSA-200802-07 MANDRIVA MDVSA-2008:027 UBUNTU USN-573-1 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=207214 CONFIRM http://pulseaudio.org/changeset/2100 CONFIRM https://bugzilla.novell.com/show_bug.cgi?id=347822 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=425481 XF pulseaudio-padroproot-privilege-escalation(39992) The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.