Home > Vulnerability Database > CVE-2008-0008

Mend.io Vulnerability Database

CVE-2008-0008

Date: January 28, 2008

The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.

Severity Score

8.4

Related Resources (21)

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/39992

Url: http://www.securityfocus.com/bid/27449

Url: http://security.gentoo.org/glsa/glsa-200802-07.xml

Url: https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html

Url: http://pulseaudio.org/changeset/2100

Url: https://bugzilla.redhat.com/show_bug.cgi?id=425481

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:027

Url: http://secunia.com/advisories/28608

Url: https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html

Url: https://bugzilla.novell.com/show_bug.cgi?id=347822

Url: https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html

Url: http://www.debian.org/security/2008/dsa-1476

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-0008

Url: http://secunia.com/advisories/28738

Url: http://www.ubuntu.com/usn/usn-573-1

Url: http://bugs.gentoo.org/show_bug.cgi?id=207214

Url: http://secunia.com/advisories/28952

Url: http://secunia.com/advisories/28623

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-0008

Url: http://www.vupen.com/english/advisories/2008/0283

Url: https://www.mend.io/vulnerability-database/CVE-2008-0008

Severity Score

8.4

Weakness Type (CWE)

Input Validation

CWE-20

CVSS v3.1

Base Score:	8.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.2
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-0008

Date: January 28, 2008

Severity Score

Related Resources (21)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?