GLSA-200907-13 : PulseAudio: Local privilege escalation
High Nessus Plugin ID 39848
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200907-13 (PulseAudio: Local privilege escalation)
Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that the pulseaudio binary is installed setuid root, and does not drop privileges before re-executing itself. The vulnerability has independently been reported to oCERT by Yorick Koster.
A local user who has write access to any directory on the file system containing /usr/bin can exploit this vulnerability using a race condition to execute arbitrary code with root privileges.
Ensure that the file system holding /usr/bin does not contain directories that are writable for unprivileged users.
SolutionAll PulseAudio users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=media-sound/pulseaudio-0.9.9-r54'