{"id":"CVE-2009-1894","details":"Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.","modified":"2026-01-27T04:09:49.747077Z","published":"2009-07-17T16:30:00Z","withdrawn":"2026-01-27T04:09:49.747077Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/35868"},{"type":"ADVISORY","url":"http://secunia.com/advisories/35886"},{"type":"ADVISORY","url":"http://secunia.com/advisories/35896"},{"type":"ADVISORY","url":"http://security.gentoo.org/glsa/glsa-200907-13.xml"},{"type":"ADVISORY","url":"http://www.akitasecurity.nl/advisory.php?id=AK20090602"},{"type":"ADVISORY","url":"http://www.debian.org/security/2009/dsa-1838"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:152"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:171"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/usn-804-1"},{"type":"ARTICLE","url":"http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html"},{"type":"FIX","url":"http://www.securityfocus.com/bid/35721"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=510071"},{"type":"WEB","url":"http://taviso.decsystem.org/research.html"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/505052/100/0/threaded"},{"type":"WEB","url":"https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/51804"}],"schema_version":"1.7.3"}