Array Index Error in Zaptel Drivers Compromises Local User Security
CVE-2008-5396

Currently unrated

Key Information:

Vendor

Asterisk

Status
Zaptel
Vendor
CVE Published:
9 December 2008

What is CVE-2008-5396?

An array index error in the Zaptel (or DAHDI) drivers allows local users within the dialout group to exploit a weakness in the sync field validation related to the ZT_SPANCONFIG ioctl. This exploitable flaw permits users to overwrite critical integer values in kernel memory by manipulating the /dev/zap/ctl device. This vulnerability exposes the system to potential unauthorized alterations and security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.openwall.com/lists/oss-security/2008/12/03/10
mailing-listx_refsource_MLIST
http://bugs.digium.com/view.php?id=13954
x_refsource_CONFIRM
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507459
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.