Improper Input Validation

CVE-2008-0008

High

7.2/10

Summary

The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.

Access Complexity: LOW
AccessVector: LOCAL
Authentication: NONE
Integrity Impact: COMPLETE
Confidentiality Impact: COMPLETE
Availability Impact: COMPLETE

CWE-20 - Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

Advisory Timeline

Published Jan 29, 2008

Improper Input Validation

CVE-2008-0008

Summary

CWE-20 - Improper Input Validation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS