Vulnerability CVE-2009-1299

Vulnerability Name:

CVE-2009-1299 (CCN-57032)

Assigned:

2009-04-15

Published:

2010-01-25

Updated:

2010-06-29

Summary:

The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.

CVSS v3 Severity:

5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
6.0 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

3.3 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P)
2.9 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-59

Vulnerability Consequences:

File Manipulation

References:

Source: MISC
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615

Source: MITRE
Type: CNA
CVE-2009-1299

Source: CONFIRM
Type: UNKNOWN
http://git.0pointer.de/?p=pulseaudio.git;a=patch;h=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee

Source: DEBIAN
Type: UNKNOWN
DSA-2017

Source: DEBIAN
Type: DSA-2017
pulseaudio -- insecure temporary directory

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2010:124

Source: CCN
Type: OSVDB ID: 63097
PulseAudio core-util.c pa_make_secure_dir Function Temporary File Symlink Arbitrary File Permission Modification

Source: CCN
Type: PulseAudio Web site
PulseAudio - Trac

Source: CCN
Type: BID-38768
PulseAudio Insecure Temporary File Creation Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2010-1570

Source: CCN
Type: Bug #509008 in pulseaudio (Ubuntu)
Insecure temporary file creation

Source: CONFIRM
Type: UNKNOWN
https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008

Source: XF
Type: UNKNOWN
pulseaudio-file-symlink(57032)

Source: SUSE
Type: SUSE-SR:2010:007
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:pulseaudio:pulseaudio:0.9.10:*:*:*:*:*:*:*

OR cpe:/a:pulseaudio:pulseaudio:0.9.19:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:pulseaudio:pulseaudio:0.9.5:*:*:*:*:*:*:*

OR cpe:/a:pulseaudio:pulseaudio:0.9.6:*:*:*:*:*:*:*

OR cpe:/a:pulseaudio:pulseaudio:0.9.8:*:*:*:*:*:*:*

OR cpe:/a:pulseaudio:pulseaudio:0.9.9:*:*:*:*:*:*:*

OR cpe:/a:pulseaudio:pulseaudio:0.9.10:*:*:*:*:*:*:*

OR cpe:/a:pulseaudio:pulseaudio:0.9.14:*:*:*:*:*:*:*

AND

cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20091299	V	CVE-2009-1299	2015-11-16
oval:org.mitre.oval:def:6898	P	DSA-2017 pulseaudio -- insecure temporary directory	2014-06-23
oval:org.mitre.oval:def:19940	P	DSA-2017-1 pulseaudio - insecure temporary directory	2014-06-23
oval:org.debian:def:2017	V	insecure temporary directory	2010-03-15

BACK