cpe:/a:pulseaudio:pulseaudio:0.9.9 cpe:/a:pulseaudio:pulseaudio:0.9.10 cpe:/a:pulseaudio:pulseaudio:0.9.14 CVE-2009-1894 2009-07-17T12:30:00.920-04:00 2017-08-16T21:30:33.507-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-07-17T13:24:00.000-04:00 BUGTRAQ 20090717 PulseAudio local race condition privilege escalation vulnerability BID 35721 SECUNIA 35868 SECUNIA 35886 SECUNIA 35896 DEBIAN DSA-1838 GENTOO GLSA-200907-13 MANDRIVA MDVSA-2009:152 MANDRIVA MDVSA-2009:171 UBUNTU USN-804-1 MISC http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html MISC http://taviso.decsystem.org/research.html MISC http://www.akitasecurity.nl/advisory.php?id=AK20090602 CONFIRM https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=510071 XF pulseaudio-suid-privilege-escalation(51804) Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.