PT-2002-2618 · Alsa · Alsaplayer

Published

2002-12-31

Updated

2008-09-05

CVE-2002-1896

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Alsaplayer version 0.99.71

Description A buffer overflow issue exists, allowing local users to execute arbitrary code when the software is installed setuid root. This can be achieved by providing a long command line argument, specifically with the -f or -o options.

Recommendations For Alsaplayer version 0.99.71, consider removing the setuid root installation to prevent exploitation until a patch is available. As a temporary workaround, restrict the use of the -f and -o command line arguments to minimize the risk of arbitrary code execution.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1896

Affected Products

Alsaplayer

PT-2002-2618 · Alsa · Alsaplayer

CVE-2002-1896

Related Identifiers

Affected Products

References · 10