From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200704-22.xml | 68 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 metadata/glsa/glsa-200704-22.xml (limited to 'metadata/glsa/glsa-200704-22.xml') diff --git a/metadata/glsa/glsa-200704-22.xml b/metadata/glsa/glsa-200704-22.xml new file mode 100644 index 000000000000..e3aed7f84153 --- /dev/null +++ b/metadata/glsa/glsa-200704-22.xml @@ -0,0 +1,68 @@ + + + + BEAST: Denial of Service + + A vulnerability has been discovered in BEAST allowing for a Denial of + Service. + + BEAST + 2007-04-27 + 2007-04-27: 01 + 163146 + local + + + 0.7.1 + 0.7.1 + + + +

+ BEdevilled Audio SysTem is an audio compositor, supporting a wide range + of audio formats. +

+
+ +

+ BEAST, which is installed as setuid root, fails to properly check + whether it can drop privileges accordingly if seteuid() fails due to a + user exceeding assigned resource limits. +

+
+ +

+ A local user could exceed his resource limit in order to prevent the + seteuid() call from succeeding. This may lead BEAST to keep running + with root privileges. Then, the local user could use the "save as" + dialog box to overwrite any file on the vulnerable system, potentially + leading to a Denial of Service. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All BEAST users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/beast-0.7.1" +
+ + CVE-2006-2916 + CVE-2006-4447 + + + jaervosz + + + p-y + + + p-y + +
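Review bot: The impact paragraph ends at "potentially leading to a Denial of Service", yet the same paragraph says BEAST may keep running with root privileges and that the "save as" dialog can then overwrite any file on the system. That is an arbitrary file overwrite as root, so the impact text and the advisory title should either name that integrity impact or state why the consequence is limited to a Denial of Service. In the description, "fails to properly check whether it can drop privileges accordingly if seteuid() fails" is hard to parse; saying that BEAST does not verify that the seteuid() call succeeded before continuing would be clearer. The commit message "reinit the tree, so we can have metadata" also gives no indication of where this GLSA file was imported from, which is worth recording for a file created wholesale.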
-- cgit v1.2.3