CVE-2009-1894

Publication date 17 July 2009

Last updated 24 July 2024

Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
pulseaudio	9.04 jaunty	Fixed 1:0.9.14-0ubuntu20.2
	8.10 intrepid	Fixed 0.9.10-2ubuntu9.4
	8.04 LTS hardy	Fixed 0.9.10-1ubuntu1.1
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-804-1
PulseAudio vulnerability
16 July 2009

Other references

https://www.cve.org/CVERecord?id=CVE-2009-1894