SECURITYVULNS:DOC:16651
Apr 11, 2007 - 12:00 a.m.

Pulseaudio 0.9.5 (rev 1437) termination

#######################################################################

                         Luigi Auriemma

Application: PulseAudio
http://www.pulseaudio.org
Versions: 0.9.5 (svn 1437)
Platforms: POSIX and Win32
Bugs: termination of the server through failed assert()
Exploitation: local and remote
Date: 29 Mar 2007
Author: Luigi Auriemma
e-mail: [email protected]
web: aluigi.org

#######################################################################

1) Introduction
2) Bugs
3) The Code
4) Fix

#######################################################################

===============
1) Introduction

From the website:
"PulseAudio, previously known as Polypaudio, is a sound server for
POSIX and Win32 systems. A sound server is basically a proxy for your
sound applications. It allows you to do advanced operations on your
sound data as it passes between your application and your hardware.
Things like transferring the audio to a different machine, changing the
sample format or channel count and mixing several sounds into one are
easily achieved using a sound server."

#######################################################################

=======
2) Bugs

The PulseAudio server can be terminated by both remote and local
users through invalid parameters.
This happens because of the use of assert(), which terminates the
process when a specific condition is not met, for example if the client
wants to send an amount of data equal to zero.

There are at least three ways to stop a remote server from
unauthenticated connections.
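
The failure mode described above, as an added example that is not
PulseAudio source code and not part of the original advisory: a
client-supplied length validated with assert() next to a check that
rejects the request and lets the server keep running. The function
names, the return codes and the MAX_CHUNK limit are assumptions made
for the illustration.

```c
/* Added example (not PulseAudio source): client-controlled length checked
 * with assert() versus an explicit protocol error. All names are hypothetical. */
#include <assert.h>
#include <signal.h>
#include <stddef.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_CHUNK 65536u   /* assumed upper bound for one client write */

enum { REQ_OK = 0, REQ_INVALID = -1 };

/* Fragile: an untrusted value trips assert() and abort()s the whole server.
 * Built with -DNDEBUG the check vanishes and the bad length is used anyway. */
int handle_write_assert(size_t length) {
    assert(length > 0 && length <= MAX_CHUNK);
    return REQ_OK;
}

/* Hardened: reject the request; the caller drops only this connection. */
int handle_write_checked(size_t length) {
    if (length == 0 || length > MAX_CHUNK)
        return REQ_INVALID;
    return REQ_OK;
}

/* Run a handler in a child process standing in for the server and report
 * the signal that killed it (0 if it exited normally, -1 on fork/wait error). */
int server_killed_by(int (*handler)(size_t), size_t length) {
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        handler(length);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void) {
    /* Constructed input: a client announcing a zero-byte write. */
    int bad = server_killed_by(handle_write_assert, 0);
    int good = server_killed_by(handle_write_checked, 0);
    return (bad == SIGABRT && good == 0) ? 0 : 1;
}
```

assert() is meant for internal invariants; any value that arrives from
a connection has to go through an ordinary error path instead.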

#######################################################################

===========
3) The Code

http://aluigi.org/poc/pulsex.zip

#######################################################################

======
4) Fix

The problems will be solved in the next release.

#######################################################################