Blatantly copying the Gentoo Advisory (since they are the security team I have contact with) you can find all the needed information here. The fix (pending merge on master branch) is available on my branch: http://gitorious.org/~flameeyes/pulseaudio/flameeyes-pulseaudio http://gitorious.org/~flameeyes/pulseaudio/flameeyes-pulseaudio/commit/84200b423ebfa7e2dad9b1b65f64eac7bf3d2114 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200907-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: PulseAudio: Local privilege escalation Date: July 16, 2009 Bugs: #276986 ID: 200907-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability in PulseAudio may allow a local user to execute code with escalated privileges. Background ========== PulseAudio is a network-enabled sound server with an advanced plug-in system. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-sound/pulseaudio < 0.9.9-r54 >= 0.9.9-r54 Description =========== Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that the pulseaudio binary is installed setuid root, and does not drop privileges before re-executing itself. The vulnerability has independently been reported to oCERT by Yorick Koster. Impact ====== A local user who has write access to any directory on the file system containing /usr/bin can exploit this vulnerability using a race condition to execute arbitrary code with root privileges. Workaround ========== Ensure that the file system holding /usr/bin does not contain directories that are writable for unprivileged users. Resolution ========== All PulseAudio users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-sound/pulseaudio-0.9.9-r54" References ========== [ 1 ] CVE-2009-1894 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1894 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200907-13.xml -- Diego Elio Petten? ? ?Flameeyes? http://blog.flameeyes.eu/ If you found a .asc file in this mail and know not what it is, it's a GnuPG digital signature: http://www.gnupg.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: Questa ? una parte del messaggio firmata digitalmente URL: <http://lists.freedesktop.org/archives/pulseaudio-discuss/attachments/20090716/554b77e6/attachment.pgp>
