Array Index Error in Zaptel Driver Affects DAHDI Product from Digium
CVE-2008-5744

Currently unrated

Key Information:

Vendor

Asterisk

Status
Zaptel
Vendor
CVE Published:
26 December 2008

What is CVE-2008-5744?

The DAHDI (formerly Zaptel) driver contains an array index error in the tor2.c implementation. This vulnerability allows local users, specifically those in the dialout group, to manipulate kernel memory by writing to the /dev/zap/ctl interface. The flaw is tied to an improper implementation in a previously released patch for CVE-2008-5396, where an incorrect variable was utilized in a range check. Consequently, this oversight enables local users to overwrite critical integer values in kernel memory, posing a significant threat to system stability and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://bugs.digium.com/view.php?id=13954#96700
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=475446#c4
x_refsource_CONFIRM
http://secunia.com/advisories/32960
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.