Array Index Error in Zaptel Driver Affects DAHDI Product from Digium
CVE-2008-5744

Currently unrated

Key Information:

Vendor: Asterisk
Status: Zaptel
Vendor: CVE Published:; 26 December 2008

What is CVE-2008-5744?

The DAHDI (formerly Zaptel) driver contains an array index error in the tor2.c implementation. This vulnerability allows local users, specifically those in the dialout group, to manipulate kernel memory by writing to the /dev/zap/ctl interface. The flaw is tied to an improper implementation in a previously released patch for CVE-2008-5396, where an incorrect variable was utilized in a range check. Consequently, this oversight enables local users to overwrite critical integer values in kernel memory, posing a significant threat to system stability and security.

References

http://bugs.digium.com/view.php?id=13954#96700

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=475446#c4

x_refsource_CONFIRM

http://secunia.com/advisories/32960

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Dec 26, 2008
Vulnerability Reserved
Dec 26, 2008

Asterisk

What is CVE-2008-5744?

References

Timeline