Vulnerabilities > CVE-2008-5396 - Numeric Errors vulnerability in Asterisk Zaptel 1.2/1.2.27/1.4
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZT_SPANCONFIG ioctl.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1699.NASL |
description | An array index error in zaptel, a set of drivers for telephony hardware, could allow users to crash the system or escalate their privileges by overwriting kernel memory (CVE-2008-5396 ). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35333 |
published | 2009-01-12 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/35333 |
title | Debian DSA-1699-1 : zaptel - array index error |
code |
|
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 32575 CVE(CAN) ID: CVE-2008-5396,CVE-2008-5744 zaptel软件包是用于配置Zapata电话内核驱动的用户工具。 由于对ZT_SPANCONFIG ioctl相关的sync字段缺少检查,导致Zaptel中的torisa.c驱动的torisa_spanconfig()函数和dahdi/tor2.c驱动的tor2_spanconfig()函数存在数组索引错误。dialout组中的本地用户可以通过写入/dev/zap/ctl覆盖内核内存中的整数值,导致拒绝服务或获得权限提升。 Diginum Zaptel 1.4.x Diginum Zaptel 1.2.x 厂商补丁: Diginum ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://svn.digium.com/view/zaptel?view=rev&revision=4587 target=_blank rel=external nofollow>http://svn.digium.com/view/zaptel?view=rev&revision=4587</a> <a href=http://svn.digium.com/view/zaptel?view=rev&revision=4588 target=_blank rel=external nofollow>http://svn.digium.com/view/zaptel?view=rev&revision=4588</a> <a href=http://svn.digium.com/view/dahdi?view=rev&revision=5590 target=_blank rel=external nofollow>http://svn.digium.com/view/dahdi?view=rev&revision=5590</a> |
id | SSV:4605 |
last seen | 2017-11-19 |
modified | 2008-12-30 |
published | 2008-12-30 |
reporter | Root |
title | zaptel多个驱动数组索引漏洞 |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507459
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507459
- http://bugs.digium.com/view.php?id=13954
- http://bugs.digium.com/view.php?id=13954
- http://secunia.com/advisories/32947
- http://secunia.com/advisories/32947
- http://secunia.com/advisories/32960
- http://secunia.com/advisories/32960
- http://www.openwall.com/lists/oss-security/2008/12/03/10
- http://www.openwall.com/lists/oss-security/2008/12/03/10