Unrated severity · NVD Advisory · Published Jan 29, 2008 · Updated Apr 23, 2026
CVE-2008-0008
Description
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.
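The unchecked pattern described above next to a checked one, as an added example; it is not PulseAudio's `pa_drop_root` code. It assumes Linux with glibc, and `failing_setresuid`, `drop_unchecked` and `drop_checked` are hypothetical names, with the stub constructed to simulate a failed call.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Declared explicitly so the example builds without _GNU_SOURCE. */
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);

/* Signature shared by setresuid(2) and the stub below. */
typedef int (*setresuid_fn)(uid_t, uid_t, uid_t);

/* Constructed stub: the call fails, as it can under resource exhaustion. */
int failing_setresuid(uid_t r, uid_t e, uid_t s) {
    (void)r; (void)e; (void)s;
    errno = EAGAIN;
    return -1;
}

/* Unchecked pattern from the description: result ignored, success reported. */
int drop_unchecked(setresuid_fn set_ids, uid_t target) {
    set_ids(target, target, target);
    return 0;
}

/* Checked pattern: test the return value, then confirm all three ids. */
int drop_checked(setresuid_fn set_ids, uid_t target) {
    uid_t r, e, s;
    if (set_ids(target, target, target) != 0)
        return -1;
    if (getresuid(&r, &e, &s) != 0)
        return -1;
    return (r == target && e == target && s == target) ? 0 : -1;
}

int main(void) {
    uid_t me = getuid();  /* dropping to the real uid needs no privilege */
    printf("unchecked, failing call: %d\n", drop_unchecked(failing_setresuid, me));
    printf("checked, failing call:   %d\n", drop_checked(failing_setresuid, me));
    if (drop_checked(setresuid, me) != 0) {
        perror("privilege drop failed");
        return 1;  /* never continue with unknown privileges */
    }
    return 0;
}
```

A real privilege drop also sets the group ids (for example with `setresgid`) before the user ids, and treats any failure as fatal.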
Affected products
- cpe:2.3:a:pulseaudio:pulseaudio:0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:pulseaudio:pulseaudio:0.9.8:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- pulseaudio.org/changeset/2100 · nvd · Exploit
- bugs.gentoo.org/show_bug.cgi · nvd · Third Party Advisory
- secunia.com/advisories/28608 · nvd · Vendor Advisory
- secunia.com/advisories/28623 · nvd · Vendor Advisory
- secunia.com/advisories/28738 · nvd · Vendor Advisory
- secunia.com/advisories/28952 · nvd · Vendor Advisory
- security.gentoo.org/glsa/glsa-200802-07.xml · nvd · Third Party Advisory
- www.debian.org/security/2008/dsa-1476 · nvd · Third Party Advisory
- www.mandriva.com/security/advisories · nvd · Third Party Advisory
- www.securityfocus.com/bid/27449 · nvd · Third Party Advisory, VDB Entry
- www.ubuntu.com/usn/usn-573-1 · nvd · Third Party Advisory
- www.vupen.com/english/advisories/2008/0283 · nvd · Vendor Advisory
- www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html · nvd · Third Party Advisory
- www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html · nvd · Third Party Advisory
- bugzilla.novell.com/show_bug.cgi · nvd · Issue Tracking
- bugzilla.redhat.com/show_bug.cgi · nvd · Issue Tracking
- exchange.xforce.ibmcloud.com/vulnerabilities/39992 · nvd · VDB Entry
- tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html · nvd · Broken Link