[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-3272

Date: (C)2008-08-08   (M)2017-11-18 


The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information.

CVSS Score: 6.6Access Vector: LOCAL
Exploit Score: 3.9Access Complexity: LOW
Impact Score: 9.2Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: NONE
 Availability: COMPLETE





Reference:
SECTRACK-1020636
BID-30559
SECUNIA-31366
SECUNIA-31551
SECUNIA-31614
SECUNIA-31836
SECUNIA-31881
SECUNIA-32023
SECUNIA-32103
SECUNIA-32104
SECUNIA-32190
SECUNIA-32370
SECUNIA-32759
SECUNIA-32799
ADV-2008-2307
DSA-1630
DSA-1636
MDVSA-2008:220
RHSA-2008:0857
RHSA-2008:0885
RHSA-2008:0972
SUSE-SA:2008:047
SUSE-SA:2008:048
SUSE-SA:2008:049
SUSE-SA:2008:052
SUSE-SR:2008:025
USN-637-1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=82e68f7ffec3800425f2391c8c86277606860442
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.27-rc2
linux-kernel-seqosssynth-info-disclosure(44225)

CPE    617
cpe:/o:linux:linux_kernel:2.4.27:pre5
cpe:/o:linux:linux_kernel:2.3.25
cpe:/o:linux:linux_kernel:2.4.27:pre4
cpe:/o:linux:linux_kernel:2.3.26
...
CWE    1
CWE-189
OVAL    2
oval:org.mitre.oval:def:8234
oval:org.mitre.oval:def:8183

© 2013 SecPod Technologies