Ticket #67 (closed defect: fixed)

Opened 2 years ago

Last modified 1 year ago

PulseAudio has several denial of service issues

Reported by: ossman Assigned to: lennart
Priority: high Milestone: 0.9.6
Component: daemon Severity: blocker
Keywords: Cc: cj@vdbonline.com, aluigi@autistici.org

Description

Luigi Auriemma has found a number of problems where a client can crash the server. Some of the attacks do not even require the client to be authenticated.

Attachments

pulsex.zip (12.3 kB) - added by ossman on 03/08/07 12:58:19.

Change History

03/08/07 12:58:19 changed by ossman

  • attachment pulsex.zip added.

03/08/07 13:00:17 changed by cjvdb

  • cc set to cj@vdbonline.com.

03/08/07 13:08:33 changed by ossman

  • cc changed from cj@vdbonline.com to cj@vdbonline.com, aluigi@autistici.org.

05/23/07 17:42:07 changed by lennart

  • status changed from new to assigned.
  • milestone set to 0.9.6.

05/23/07 18:24:55 changed by lennart

(In [1445]) fix a DoS vulnerability (re #67), originally identified by Luigi Auriemma

05/23/07 18:29:25 changed by lennart

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [1446]) Fix another DoS vulnerability, also identified Luigi Auriemma (closes #67)

05/23/07 18:30:11 changed by lennart

  • status changed from closed to reopened.
  • resolution deleted.

Not closed yet, three more to go...

05/23/07 18:42:27 changed by lennart

(In [1448]) Fix yet another DoS vulnerability, also identified Luigi Auriemma (re #67)

05/23/07 18:59:13 changed by lennart

(In [1450]) Fix a DoS with allocating overly large silence buffers. (Identified by Luigi Auriemma (re #67)

05/23/07 19:12:08 changed by lennart

(In [1451]) add a missing initialization that causes a crash when parsing invalid volume restoration tables (Problem identified by Luigi Auriemma, re #67)

05/23/07 19:24:07 changed by lennart

  • status changed from reopened to closed.
  • resolution set to fixed.

(In [1452]) Fix another DoS vulnerability that has been identified by Luigi Auriemma. (Finally closes #67)

05/23/07 19:24:55 changed by lennart

Lugi, thank you very much for your work. Your work is very much appreciated!

Thanks again,

Lennart

05/23/07 19:25:29 changed by lennart

Oops, sorry that I misspelled your name, Luigi!