Bug#510583: CVE-2008-5744: overflow in tor2 driver in Zaptel
Stefan Fritsch
sf at sfritsch.de
Sat Jan 3 12:20:27 UTC 2009
Package: zaptel
Version: 1:1.2.11.dfsg-1
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for zaptel.
CVE-2008-5744[0]:
| Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI)
| 1.4.11 and earlier allows local users in the dialout group to
| overwrite an integer value in kernel memory by writing to
| /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396
| that uses the wrong variable in a range check against the value of
| lc->sync.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5744
http://security-tracker.debian.net/tracker/CVE-2008-5744
More information about the Pkg-voip-maintainers
mailing list