CVE-2008-5396 in Zaptelinfo

Summary

Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZT_SPANCONFIG ioctl.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

12/08/2008

Disclosure

12/08/2008

Moderation

VulDB entry created

Entries

1: VDB-45356

CPE

ready

CWE

CWE-189 (Confirmed)

CVSS

8.4

EPSS

0.00034

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2008-5396
NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-5396
CVE Details	https://www.cvedetails.com/cve/CVE-2008-5396/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!