Unrated severityNVD Advisory· Published Jan 29, 2008· Updated Jun 16, 2026
CVE-2008-0008
CVE-2008-0008
Description
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:pulseaudio:pulseaudio:0.9.6:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:pulseaudio:pulseaudio:0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:pulseaudio:pulseaudio:0.9.8:*:*:*:*:*:*:*
- (no CPE)range: 0.9.8, certain 0.9.9 build
Patches
Vulnerability mechanics
References
18- pulseaudio.org/changeset/2100nvdExploit
- bugs.gentoo.org/show_bug.cginvdThird Party Advisory
- secunia.com/advisories/28608nvdVendor Advisory
- secunia.com/advisories/28623nvdVendor Advisory
- secunia.com/advisories/28738nvdVendor Advisory
- secunia.com/advisories/28952nvdVendor Advisory
- security.gentoo.org/glsa/glsa-200802-07.xmlnvdThird Party Advisory
- www.debian.org/security/2008/dsa-1476nvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.securityfocus.com/bid/27449nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/usn-573-1nvdThird Party Advisory
- www.vupen.com/english/advisories/2008/0283nvdVendor Advisory
- www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.htmlnvdThird Party Advisory
- www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.htmlnvdThird Party Advisory
- bugzilla.novell.com/show_bug.cginvdIssue Tracking
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
- exchange.xforce.ibmcloud.com/vulnerabilities/39992nvdVDB Entry
- tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.htmlnvdBroken Link
News mentions
0No linked articles in our index yet.