Vulnerabilities > CVE-2007-1804 - Remote Denial of Service vulnerability in Pulseaudio 0.9.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | PulseAudio 0.9.5 Assert() Remote Denial of Service Vulnerability. CVE-2007-1804. Dos exploit for linux platform |
| id | EDB-ID:29809 |
| last seen | 2016-02-03 |
| modified | 2007-04-02 |
| published | 2007-04-02 |
| reporter | Luigi Auriemma |
| source | https://www.exploit-db.com/download/29809/ |
| title | PulseAudio 0.9.5 Assert Remote Denial of Service Vulnerability |
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-465-1.NASL description Luigi Auriemma discovered multiple flaws in pulseaudio last seen 2020-06-01 modified 2020-06-02 plugin id 28065 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28065 title Ubuntu 7.04 : pulseaudio vulnerability (USN-465-1) NASL family SuSE Local Security Checks NASL id SUSE_PULSEAUDIO-3637.NASL description This update of pulseaudio fixes a denial-of-service bug that can be triggered remotely. (CVE-2007-1804) last seen 2020-06-01 modified 2020-06-02 plugin id 27405 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27405 title openSUSE 10 Security Update : pulseaudio (pulseaudio-3637) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-065.NASL description Luigi Auriemma found a few programming errors in Pulseaudio, that can be used to crash the Pulseaudio daemon, by authenticated and unauthenticated users. The updated packages fix these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37991 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37991 title Mandriva Linux Security Advisory : pulseaudio (MDVSA-2008:065)
References
- http://aluigi.altervista.org/adv/pulsex-adv.txt
- http://aluigi.org/poc/pulsex.zip
- http://secunia.com/advisories/25431
- http://secunia.com/advisories/25787
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:065
- http://www.novell.com/linux/security/advisories/2007_13_sr.html
- http://www.securityfocus.com/bid/23240
- http://www.ubuntu.com/usn/usn-465-1
- http://www.vupen.com/english/advisories/2007/1214
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33315