Bug#448763: CVE-2007-5690 Buffer overflow in sethdlc.c

Tzafrir Cohen tzafrir.cohen at xorcom.com
Wed Oct 31 21:39:10 UTC 2007


On Wed, Oct 31, 2007 at 09:00:50PM +0200, Tzafrir Cohen wrote:
> On Wed, Oct 31, 2007 at 07:44:13PM +0100, Nico Golde wrote:
> > Package: zaptel
> > Severity: normal
> > Tags: security
> > 
> > Hi,
> > the following CVE (Common Vulnerabilities & Exposures) id was
> > published for zaptel.
> > 
> > CVE-2007-5690[0]:
> > | Buffer overflow in sethdlc.c in the Asterisk Zaptel 1.4.5.1 might
> > | allow local users to gain privileges via a long device name (interface
> > | name) in the ifr_name field.
> > 
> > If you fix this vulnerability please also include the CVE id
> > in your changelog entry.
> > 
> > This is not really a security problem in Debian since
> > sethdlc-new is not suid root so it will just segfault.
> > 
> > For further information:
> > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5690
> 
> Note, however, that sethdlc.c does not get installed by default on
> Debian. The issue does seem to affect sethdlc-new.
> 
> In fact, it will not even build on kernels newer than 2.4.20.
> sethdlc-new is not installed by default in any automated script.
> 
> Looking into this right now.

Update: 
http://svn.digium.com/view/zaptel?view=rev&revision=3206
For zaptel 1.2 (in Etch)
http://svn.digium.com/view/zaptel?view=rev&revision=3205

I suppose that this is exactly the same patch. And that this patch
applies even to the Sarge version, if anybody cares. 
http://downloads.digium.com/pub/asa/AST-2007-024.html

-- 
               Tzafrir Cohen       
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com       
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir
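
Added example (not part of the original message and not the zaptel source): a bounded way to fill `ifr_name` from an untrusted interface name, rejecting anything that does not fit in `IFNAMSIZ` rather than truncating it. The helper name `set_ifname` and the unchecked `strcpy` shown in a comment are assumptions for illustration; the page does not show the affected code.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* expose struct ifreq, IFNAMSIZ, strnlen */
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <net/if.h>              /* struct ifreq, IFNAMSIZ */

/*
 * Copy a caller-supplied interface name into req->ifr_name.
 * Returns 0 on success, -1 with errno set when the name is missing,
 * empty, or too long to fit together with its terminating NUL.
 * Rejecting (not truncating) matters: a truncated name could silently
 * address a different interface than the one the user asked for.
 */
int set_ifname(struct ifreq *req, const char *name)
{
    size_t len;

    if (req == NULL || name == NULL || name[0] == '\0') {
        errno = EINVAL;
        return -1;
    }
    /* strnlen stops after IFNAMSIZ bytes, however long the argument is. */
    len = strnlen(name, IFNAMSIZ);
    if (len >= IFNAMSIZ) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(req, 0, sizeof(*req));       /* also NUL-terminates ifr_name */
    memcpy(req->ifr_name, name, len);
    return 0;
}

int main(int argc, char **argv)
{
    struct ifreq req;

    if (argc < 2) {
        fprintf(stderr, "usage: %s <interface>\n", argv[0]);
        return 2;
    }
    /* Assumed unsafe pattern, for contrast: strcpy(req.ifr_name, argv[1]); */
    if (set_ifname(&req, argv[1]) != 0) {
        perror("interface name");
        return 1;
    }
    printf("ifr_name = \"%s\"\n", req.ifr_name);
    return 0;
}
```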
