CVE-2009-1299 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.9 UNKNOWN	LOCAL	MEDIUM		AV:L/AC:M/Au:N/C:C/I:C/A:C
canonical	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Vendor	Product	Version
pulseaudio	pulseaudio	0.9.10
pulseaudio	pulseaudio	0.9.19

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

pulseaudio

bullseye	14.2-2 fixed
bookworm	16.1+dfsg1-2 fixed
sid	16.1+dfsg1-5.1 fixed
trixie	16.1+dfsg1-5.1 fixed

Ubuntu Releases

Ubuntu Product

Codename

pulseaudio

natty	not-affected
maverick	not-affected
lucid	Fixed 1:0.9.22~0.9.21+stable-queue-32-g8478-0ubuntu12 released
karmic	ignored
jaunty	ignored
intrepid	ignored
hardy	ignored
dapper	dne

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615

http://git.0pointer.de/?p=pulseaudio.git%3Ba=patch%3Bh=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee

http://www.debian.org/security/2010/dsa-2017

http://www.mandriva.com/security/advisories?name=MDVSA-2010:124

http://www.vupen.com/english/advisories/2010/1570

https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573615

http://git.0pointer.de/?p=pulseaudio.git%3Ba=patch%3Bh=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee

http://www.debian.org/security/2010/dsa-2017

http://www.mandriva.com/security/advisories?name=MDVSA-2010:124

http://www.vupen.com/english/advisories/2010/1570

https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008