CVE-2007-1804 - PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PS

CVE-2007-1804

Summary

PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file.

References

Vulnerable Configurations

cpe:2.3:a:pulseaudio:pulseaudio:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:pulseaudio:pulseaudio:0.9.5:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	23240
mandriva	MDVSA-2008:065
misc	http://aluigi.altervista.org/adv/pulsex-adv.txt http://aluigi.org/poc/pulsex.zip
secunia	25431 25787
suse	SUSE-SR:2007:013
ubuntu	USN-465-1
vupen	ADV-2007-1214
xf	pulseaudio-assert-dos(33315)

Last major update

29-07-2017 - 01:31

Published

02-04-2007 - 23:19

Last modified

29-07-2017 - 01:31