PT-2008-6513 · Dahdi · Zaptel

Josh Bressers · Published 2008-12-09 · Updated 2009-05-14 · CVE-2008-5396

CVSS v2.0

7.2 High

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Zaptel (aka DAHDI) versions 1.4.11 and earlier

Description

The issue is an array index error in the torisa.c and dahdi/tor2.c drivers that allows local users in the dialout group to overwrite an integer value in kernel memory. The overwrite is achieved by writing to /dev/zap/ctl and stems from missing validation of the sync field associated with the ZT_SPANCONFIG ioctl.

Recommendations

For Zaptel (aka DAHDI) versions 1.4.11 and earlier, consider restricting access to the /dev/zap/ctl file to prevent local users from overwriting kernel memory. Additionally, as a temporary workaround, consider disabling the ZT_SPANCONFIG ioctl until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
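The bug class named in the description, as an added user-space model that is not code from torisa.c, tor2.c or this advisory: a caller-supplied sync value is used as a table index, first unchecked and then with a range check. The struct layouts, function names, the table size of 4 and the `sync - 1` indexing are assumptions made for illustration.

```c
#include <stdio.h>

#define SPANS_PER_CARD 4            /* assumed table size for this model */
#define NEIGHBOUR SPANS_PER_CARD    /* slot directly after the sync table */

/* Constructed stand-in for driver state: slots 0..3 are the sync table,
 * slot 4 models an unrelated integer stored right behind it. */
struct card_model { int mem[SPANS_PER_CARD + 1]; };

/* Constructed stand-in for the caller-supplied span configuration. */
struct spanconfig_model {
    int span;   /* 1-based span number */
    int sync;   /* 0 = not a sync source, otherwise 1-based priority */
};

/* Unvalidated form: sync reaches the index without any range check. */
static void spanconfig_unchecked(struct card_model *c,
                                 const struct spanconfig_model *lc)
{
    if (lc->sync)
        c->mem[lc->sync - 1] = lc->span;
}

/* Hardened form: reject out-of-range fields before they become an index. */
static int spanconfig_checked(struct card_model *c,
                              const struct spanconfig_model *lc)
{
    if (lc->span < 1 || lc->span > SPANS_PER_CARD)
        return -1;
    if (lc->sync < 0 || lc->sync > SPANS_PER_CARD)
        return -1;
    if (lc->sync)
        c->mem[lc->sync - 1] = lc->span;
    return 0;
}

int main(void)
{
    struct card_model c = { {0, 0, 0, 0, 1234} };             /* constructed */
    struct spanconfig_model bad = { 2, SPANS_PER_CARD + 1 };  /* sync too big */

    spanconfig_unchecked(&c, &bad);
    printf("unchecked: neighbour = %d\n", c.mem[NEIGHBOUR]);
    c.mem[NEIGHBOUR] = 1234;
    printf("checked: rc = %d, neighbour = %d\n",
           spanconfig_checked(&c, &bad), c.mem[NEIGHBOUR]);
    return 0;
}
```

The model keeps the stray write inside its own backing array so the behaviour is well defined; in a driver the same missing check lets the write land outside the table.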


Weakness Enumeration

Related Identifiers

CVE-2008-5396
DSA-1699-1

Affected Products

Zaptel