Mandriva Linux Security Advisory : pulseaudio (MDVSA-2010:124)

medium Nessus Plugin ID 47127

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file (CVE-2009-1299).

This update fixes this issue.

Solution

Update the affected packages.

See Also

https://qa.mandriva.com/59912

Plugin Details

Severity: Medium

ID: 47127

File Name: mandriva_MDVSA-2010-124.nasl

Version: 1.13

Type: local

Published: 6/24/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64pulseaudio-devel, p-cpe:/a:mandriva:linux:lib64pulseaudio0, p-cpe:/a:mandriva:linux:lib64pulseaudio0-devel, p-cpe:/a:mandriva:linux:lib64pulsecore3, p-cpe:/a:mandriva:linux:lib64pulsecore5, p-cpe:/a:mandriva:linux:lib64pulseglib20, p-cpe:/a:mandriva:linux:lib64pulsezeroconf0, p-cpe:/a:mandriva:linux:libpulseaudio-devel, p-cpe:/a:mandriva:linux:libpulseaudio0, p-cpe:/a:mandriva:linux:libpulseaudio0-devel, p-cpe:/a:mandriva:linux:libpulsecore3, p-cpe:/a:mandriva:linux:libpulsecore5, p-cpe:/a:mandriva:linux:libpulseglib20, p-cpe:/a:mandriva:linux:libpulsezeroconf0, p-cpe:/a:mandriva:linux:pulseaudio, p-cpe:/a:mandriva:linux:pulseaudio-esound-compat, p-cpe:/a:mandriva:linux:pulseaudio-module-bluetooth, p-cpe:/a:mandriva:linux:pulseaudio-module-gconf, p-cpe:/a:mandriva:linux:pulseaudio-module-jack, p-cpe:/a:mandriva:linux:pulseaudio-module-lirc, p-cpe:/a:mandriva:linux:pulseaudio-module-x11, p-cpe:/a:mandriva:linux:pulseaudio-module-zeroconf, p-cpe:/a:mandriva:linux:pulseaudio-utils, cpe:/o:mandriva:linux:2008.0, cpe:/o:mandriva:linux:2009.0, cpe:/o:mandriva:linux:2009.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/23/2010

Reference Information

CVE: CVE-2009-1299

BID: 38768

MDVSA: 2010:124