Back to search
CVE-2008-5744
Published: Dec 26, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wrong variable in a range check against the value of lc->sync.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://bugs.digium.com/view.php?id=13954#96700
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=475446#c4
x_refsource_CONFIRM
32960
third-party-advisory
x_refsource_SECUNIA
zaptel-tor2-memory-overwrite(47666)
vdb-entry
x_refsource_XF
http://svn.digium.com/view/dahdi?view=rev&revision=5590
x_refsource_CONFIRM
[oss-security] 20081219 CVE Request - Incomplete dahdi/zaptel tor2.c patch for CVE-2008-5396
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now