Array Index Error in Zaptel Drivers Compromises Local User Security
CVE-2008-5396

Currently unrated

Key Information:

Vendor: Asterisk
Status: Zaptel
Vendor: CVE Published:; 9 December 2008

What is CVE-2008-5396?

An array index error in the Zaptel (or DAHDI) drivers allows local users within the dialout group to exploit a weakness in the sync field validation related to the ZT_SPANCONFIG ioctl. This exploitable flaw permits users to overwrite critical integer values in kernel memory by manipulating the /dev/zap/ctl device. This vulnerability exposes the system to potential unauthorized alterations and security risks.

References

http://www.openwall.com/lists/oss-security/2008/12/03/10

mailing-listx_refsource_MLIST

http://bugs.digium.com/view.php?id=13954

x_refsource_CONFIRM

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507459

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 9, 2008
Vulnerability Reserved
Dec 8, 2008

Asterisk

What is CVE-2008-5396?

References

Timeline