Title: GNOME esound Unix Domain Socket Race Condition Vulnerability
Severity: LOW
Description:
EsounD, part of the GNOME desktop environment, is a server process allowing several applications to share the same sound hardware.
Versions of esound up to and including 0.2.19 create a world-writable directory (/tmp/.esd) which is also used to store a domain socket used by esound.
The unix domain socket is also created world-writeable. A race condition exists when this socket is created such that if an attacker creates a symbolic link in the world-writeable /tmp/.esd directory at the right time, the file pointed to by it will be changed to a world-writeable mode. The target file, of course, would have to be owned by the user running ESound. This vulnerability may have to do with a lack of checking return values when binding the address structure to the domain socket before setting permissions on the file, but this is uncomfirmed as are the exact technical details of this vulnerability.
Affected Products:
- GNOME Gnome 1.1.0
- GNOME Gnome 1.2.0
- GNOME esound 0.2.19
References:
- GNOME: GNOME Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
