CVE-2008-3272
CVE-2008-3272
The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=82e68f7ffec3800425f2391c8c86277606860442http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.27-rc2http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.htmlhttp://rhn.redhat.com/errata/RHSA-2008-0972.htmlhttp://secunia.com/advisories/31366http://secunia.com/advisories/31551http://secunia.com/advisories/31614http://secunia.com/advisories/31836