CVE-2008-0008

N/A Unknown
Published: January 29, 2008 Modified: April 23, 2026

Description

The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.

References to Advisories, Solutions, and Tools

http://bugs.gentoo.org/show_bug.cgi?id=207214
Source: secalert@redhat.com
Third Party Advisory
http://pulseaudio.org/changeset/2100
Source: secalert@redhat.com
Exploit
http://secunia.com/advisories/28608
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28623
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28738
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28952
Source: secalert@redhat.com
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200802-07.xml
Source: secalert@redhat.com
Third Party Advisory
http://www.debian.org/security/2008/dsa-1476
Source: secalert@redhat.com
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:027
Source: secalert@redhat.com
Third Party Advisory
http://www.securityfocus.com/bid/27449
Source: secalert@redhat.com
Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-573-1
Source: secalert@redhat.com
Third Party Advisory
http://www.vupen.com/english/advisories/2008/0283
Source: secalert@redhat.com
Vendor Advisory
https://bugzilla.novell.com/show_bug.cgi?id=347822
Source: secalert@redhat.com
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=425481
Source: secalert@redhat.com
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/39992
Source: af854a3a-2127-422b-91ae-364da2661108
VDB Entry
https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

36 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.6%
42nd percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

redhat pulseaudio mandrakesoft