Bug 313329 (CVE-2009-1299)

Summary:	<media-sound/pulseaudio-0.9.22: pa_make_secure_dir() symlink attack (CVE-2009-1299)
Product:	Gentoo Security	Reporter:	Stefan Behte (RETIRED) <craig>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	sound
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008
Whiteboard:	B3 [glsa]
Package list:		Runtime testing required:	---

Description Stefan Behte (RETIRED) gentoo-dev

2010-04-06 03:10:38 UTC

CVE-2009-1299 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1299):
  The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10
  and 0.9.19 allows local users to change the ownership and permissions
  of arbitrary files via a symlink attack on a /tmp/.esd-#####
  temporary file.

Comment 1 Arun Raghavan (RETIRED) gentoo-dev

2011-05-18 04:20:17 UTC

0.9.19 is no longer in tree. Can we close this or ...?

Comment 2 Tim Sammut (RETIRED) gentoo-dev

2011-05-23 02:49:58 UTC

(In reply to comment #1)
> 0.9.19 is no longer in tree. Can we close this or ...?

Thanks for the ping, Arun. We are not done however.

I think this was fixed in 0.9.22 via the commit at http://git.0pointer.de/?p=pulseaudio.git;a=commit;h=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee. =media-sound/pulseaudio-0.9.22 is already stable, so this is ready for a vote.

GLSA Vote: yes.

Comment 3 Stefan Behte (RETIRED) gentoo-dev

2011-10-08 22:12:30 UTC

Vote: YES. New GLSA request filed.

Comment 4 GLSAMaker/CVETool Bot gentoo-dev

2014-02-07 21:03:13 UTC

This issue was resolved and addressed in
 GLSA 201402-10 at http://security.gentoo.org/glsa/glsa-201402-10.xml
by GLSA coordinator Mikle Kolyada (Zlogene).