PulseAudio Assert() Remote Denial of Service Vulnerability
BID:23240
Info
PulseAudio Assert() Remote Denial of Service Vulnerability
| Bugtraq ID: | 23240 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2007-1804 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 02 2007 12:00AM |
| Updated: | Mar 10 2008 01:01PM |
| Credit: | Luigi Auriemma is credited with the discovery of this vulnerability. |
| Vulnerable: |
Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 PulseAudio PulseAudio 0.9.5 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 |
| Not Vulnerable: | |
Discussion
PulseAudio Assert() Remote Denial of Service Vulnerability
PulseAudio is prone to a remote denial-of-service vulnerability.
Exploiting this issue allows remote attackers to consume excessive system resources until the software becomes unresponsive to further calls, effectively denying service to legitimate users.
PulseAudio 0.9.5 is vulnerable to this issue.
PulseAudio is prone to a remote denial-of-service vulnerability.
Exploiting this issue allows remote attackers to consume excessive system resources until the software becomes unresponsive to further calls, effectively denying service to legitimate users.
PulseAudio 0.9.5 is vulnerable to this issue.
Exploit / POC
PulseAudio Assert() Remote Denial of Service Vulnerability
The following proof-of-concept exploit is available:
The following proof-of-concept exploit is available:
Solution / Fix
PulseAudio Assert() Remote Denial of Service Vulnerability
Solution:
Please see the referenced advisories for more information.
Solution:
Please see the referenced advisories for more information.
References
PulseAudio Assert() Remote Denial of Service Vulnerability
References:
References: