CVE-2009-1894

Name of the Vulnerable Software and Affected Versions: PulseAudio versions 0.9.9 through 0.9.14

Description: A race condition exists that allows local users to gain privileges. This issue involves the creation of a hard link and is related to the application setting LD BIND NOW to 1, and then calling execv() on the target of the /proc/self/exe symlink.

Recommendations: For PulseAudio versions 0.9.9 through 0.9.14, consider restricting access to the execv() function call until a patch is available. As a temporary workaround, avoid setting LD BIND NOW to 1 to minimize the risk of exploitation.