82029 – media-sound/synaesthesia: Privilege escalation

Bug 82029 - media-sound/synaesthesia: Privilege escalation

Summary: media-sound/synaesthesia: Privilege escalation

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	High normal
Assignee:	Gentoo Security

URL:	http://www.debian.org/security/2005/d...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-02-14 12:32 UTC by Luke Macken (RETIRED)
Modified:	2005-02-14 12:39 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Luke Macken (RETIRED) gentoo-dev

2005-02-14 12:32:43 UTC

Security database references:
    In Mitre's CVE dictionary: CAN-2005-0070.
More information:

    Erik Sj

Comment 1 Luke Macken (RETIRED) gentoo-dev

2005-02-14 12:32:43 UTC

Security database references:
    In Mitre's CVE dictionary: CAN-2005-0070.
More information:

    Erik Sjölund and Devin Carraway discovered that synaesthesia, a program for representing sounds visually, accesses user-controlled configuration and mixer files with elevated privileges. Thus, it is possible to read arbitrary files.

Comment 2 Luke Macken (RETIRED) gentoo-dev

2005-02-14 12:39:46 UTC

This package is not installed suid root.