« List of all CVEs

CVE-2009-1299

Published: 3/18/2010 Last updated: 8/7/2024 Reserved: 4/15/2009

The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.

CNA assigner: canonical (cc1ad9ee-3454-478d-9317-d3e869d708bc) Requested by: n/a

Opam packages affected (2)

conf-pulseaudio pulseaudio

Products affected (1)

Product Vendor Version
n/a n/a 5.0

References (12)