Bug 180203 - media-sound/pulseaudio-0.9.5 multiple DoS vulnerabilities (CVE-2007-1804)
|
Bug#:
180203
|
Product: Gentoo Security
|
Version: unspecified
|
Platform: All
|
|
OS/Version: Linux
|
Status: RESOLVED
|
Severity: normal
|
Priority: P2
|
|
Resolution: FIXED
|
Assigned To: security@gentoo.org
|
Reported By: flameeyes@gentoo.org
|
|
Component: Vulnerabilities
|
|
|
URL:
http://pulseaudio.org/ticket/67
|
|
Summary: media-sound/pulseaudio-0.9.5 multiple DoS vulnerabilities (CVE-2007-1804)
|
|
Keywords:
|
|
Status Whiteboard: B3 [noglsa] jaervosz
|
|
Opened: 2007-05-29 10:45 0000
|
Florian Steinel reported this to me as I didn't know about it at all; I'll look
into backporting the fixes to 0.9.5, but I'm not really sure if that's
feasible, considering the sheer quantity.
Security team please advise.
Thanks in Advance,
Diego
I've added pulseaudio-0.9.5-r5 with a patch that should fix all the
vulnerabilities. There should be no problem with that going stable, as 0.9.6
stable right now is not something I'd like to see myself.
Thx Diego!
Arches please test and mark stable. Target keywords are:
pulseaudio-0.9.5-r5.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sh
sparc x86 ~x86-fbsd"
Looks like it's not all fixed:
ticho@hiker ~ $ ps ax | grep pulse
29103 ? Ss 0:00 /usr/bin/pulseaudio --log-target=syslog
--disallow-module-loading=1 --system --fail=1 --daemonize=1 --system
29118 pts/3 R+ 0:00 grep --colour=auto pulse
ticho@hiker ~ $ ./p 1 localhost
Pulseaudio <= 0.9.5 (rev 1437) termination 0.1
by Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org
- check localhost
- connect to 127.0.0.1:4713
- check if the server is still up:
Server doesn't seem vulnerable
ticho@hiker ~ $ ./p 2 localhost
Pulseaudio <= 0.9.5 (rev 1437) termination 0.1
by Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org
- check localhost
- connect to 127.0.0.1:4713
- check if the server is still up:
Server IS vulnerable!!!
ticho@hiker ~ $ ps ax | grep pulse
29126 pts/3 S+ 0:00 grep --colour=auto pulse
ticho@hiker ~ $
The "p" binary comes from compiling the pulsex.zip source at
http://aluigi.org/poc/pulsex.zip
Oh, and of course:
ticho@hiker ~ $ emerge -pv pulseaudio --nodeps
These are the packages that would be merged, in order:
[ebuild R ] media-sound/pulseaudio-0.9.5-r5 USE="X alsa hal oss tcpd
-avahi -caps -jack -lirc" 0 kB
Total: 1 package (1 reinstall), Size of downloads: 0 kB
Sigh, I missed one revision; I've bumped to -r6 and should be fine now; I
probably forgot to restart pulseaudio when I testcased the patch (and I had
0.9.6 running).
Thx Diego and Ticho for checking.
Please test and mark stable. Target keywords are:
pulseaudio-0.9.5-r6.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sh
sparc x86 ~x86-fbsd"
Gah, back from work at last. -r6 looks good, marked stable on x86.
forgot to take a note about the ppc stablize. Done that now.
This one is ready for GLSA vote. I vote NO.
