CVE-2005-0070

NameCVE-2005-0070
DescriptionSynaesthesia 2.1 and earlier, and possibly other versions, when installed setuid root, does not drop privileges before processing configuration and mixer files, which allows local users to read arbitrary files.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-681-1
NVD severityhigh (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
synaesthesia (PTS)wheezy2.4-3fixed
jessie2.4-5fixed
buster, sid, stretch2.4-5.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
synaesthesiasource(unstable)2.1-3high
synaesthesiasourcewoody2.1-2.1woody3highDSA-681-1

Notes

does not apply for sarge, program is not setuid anymore

Search for package or bug name: Reporting problems