CVE-2005-0070

NameCVE-2005-0070
DescriptionSynaesthesia 2.1 and earlier, and possibly other versions, when installed setuid root, does not drop privileges before processing configuration and mixer files, which allows local users to read arbitrary files.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-681-1
NVD severityhigh (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
synaesthesia (PTS)jessie2.4-5fixed
stretch2.4-5.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
synaesthesiasource(unstable)2.1-3high
synaesthesiasourcewoody2.1-2.1woody3highDSA-681-1

Notes

does not apply for sarge, program is not setuid anymore

Search for package or bug name: Reporting problems