CVE-2008-5396 - Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in Zaptel (aka DAHDI) 1.4.11 and

CVE-2008-5396

Summary

Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZT_SPANCONFIG ioctl.

References

Vulnerable Configurations

cpe:2.3:a:asterisk:zaptel:1.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:zaptel:1.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:zaptel:1.2.27:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:zaptel:1.2.27:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:zaptel:1.4:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:zaptel:1.4:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:zaptel:*:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:zaptel:*:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 14-05-2009 - 05:31)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

confirm	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507459 http://bugs.digium.com/view.php?id=13954
mlist	[oss-security] 20081203 CVE Request (zaptel)
secunia	32947 32960

Last major update

14-05-2009 - 05:31

Published

09-12-2008 - 00:30

Last modified

14-05-2009 - 05:31