Some vulnerabilities have been reported in Synaesthesia, which potentially can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.

1) Synaesthesia creates a configuration file with root privileges, which is writable by the users group. This can potentially be exploited to escalate privileges.

2) Synaesthesia reads configuration and mixer files with root privileges. This can potentially be exploited to disclose sensitive information.

Solution: Remove the setuid bit.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

Expected Results: Privilege escalation

Apparently our synaesthesia doesn't have the setuid bit. Please reopen if you disagree.
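
Added example, not part of the original report or of the Synaesthesia package: a small POSIX shell check for the two conditions discussed above, namely whether an installed binary carries the setuid bit and whether a configuration file is writable by its group or by others. The function names are hypothetical and both paths are supplied by the caller; the report does not give them.

```shell
#!/bin/sh
# Added example. Usage: sh audit.sh /path/to/binary [/path/to/config]
# Paths are assumptions passed in by the caller, not values from the report.

# True if FILE is a regular file with the setuid bit set.
has_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# True if FILE is owned by uid 0.
owned_by_root() {
    [ -n "$(find "$1" -prune -user 0 -print 2>/dev/null)" ]
}

# True if FILE can be written by its group or by others.
group_or_world_writable() {
    [ -e "$1" ] || return 1
    [ -n "$(find "$1" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]
}

# Prints one of: missing, setuid-root, setuid-other, ok
audit_binary() {
    if [ ! -f "$1" ]; then echo "missing"
    elif has_setuid "$1" && owned_by_root "$1"; then echo "setuid-root"
    elif has_setuid "$1"; then echo "setuid-other"
    else echo "ok"
    fi
}

# Prints one of: missing, writable-by-non-owner, ok
audit_config() {
    if [ ! -e "$1" ]; then echo "missing"
    elif group_or_world_writable "$1"; then echo "writable-by-non-owner"
    else echo "ok"
    fi
}

# Run the checks only when paths are given on the command line.
if [ "$#" -ge 1 ]; then
    echo "binary: $(audit_binary "$1")"
    if [ "$#" -ge 2 ]; then
        echo "config: $(audit_config "$2")"
    fi
fi
```

A result of setuid-root for the binary together with writable-by-non-owner for a file it creates is the combination the report describes; a result of ok for the binary matches the reply that the packaged binary has no setuid bit.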