CVE-2008-5744

Name of the Vulnerable Software and Affected Versions Zaptel (aka DAHDI) versions 1.4.11 and earlier

Description The issue is related to an array index error in the dahdi/tor2.c driver. This error allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl. The problem stems from an incorrect tor2 patch that uses the wrong variable in a range check against the value of lc->sync.

Recommendations For Zaptel (aka DAHDI) versions 1.4.11 and earlier, consider restricting access to the /dev/zap/ctl file to prevent local users from overwriting kernel memory. At the moment, there is no information about a newer version that contains a fix for this vulnerability.