Improper input validation in Mandrakesoft Mandrake_linux

CVE-2008-0008

The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.006 (41.9th percentile) — read the EPSS interpretation.

Affected products

Mandrakesoft Mandrake_linux — versions 2007.1, 2008.0
Pulseaudio — versions 0.9.6, 0.9.8
Redhat Fedora — versions 7, 8
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

secalert@redhat.com (vendor-advisory, Third Party Advisory, x_refsource_MANDRIVA)
secalert@redhat.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (mailing-list, x_refsource_MLIST, Broken Link)
secalert@redhat.com (x_refsource_CONFIRM, Exploit)
secalert@redhat.com (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
secalert@redhat.com (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
secalert@redhat.com (vendor-advisory, x_refsource_FEDORA, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Issue Tracking)