CVE-2008-5744

Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wrong variable in a range check against the value of lc->sync.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
asteriskzaptel
𝑥
≤ 1.4.11
asteriskzaptel
1.2
asteriskzaptel
1.2.27
asteriskzaptel
1.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
zaptel
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
ignored
gutsy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://bugs.digium.com/view.php?id=13954#96700
http://secunia.com/advisories/32960
http://svn.digium.com/view/dahdi?view=rev&revision=5590
http://www.openwall.com/lists/oss-security/2008/12/19/2
https://bugzilla.redhat.com/show_bug.cgi?id=475446#c4
https://exchange.xforce.ibmcloud.com/vulnerabilities/47666
http://bugs.digium.com/view.php?id=13954#96700
http://secunia.com/advisories/32960
http://svn.digium.com/view/dahdi?view=rev&revision=5590
http://www.openwall.com/lists/oss-security/2008/12/19/2
https://bugzilla.redhat.com/show_bug.cgi?id=475446#c4
https://exchange.xforce.ibmcloud.com/vulnerabilities/47666