CVE-2007-4571 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-4571
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-4571

Description: The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/36780 UBUNTU http://www.ubuntu.com/usn/usn-618-1 SUSE http://www.novell.com/linux/security/advisories/2007_53_kernel.html ST 1018734 SAID Secunia Advisory: SA30769 Secunia Advisory: SA29054 Secunia Advisory: SA28626 Secunia Advisory: SA27824 Secunia Advisory: SA27747 Secunia Advisory: SA27227 Secunia Advisory: SA27436 Secunia Advisory: SA27101 Secunia Advisory: SA26980 Secunia Advisory: SA26918 Secunia Advisory: SA26989 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0939.html http://www.redhat.com/support/errata/RHSA-2007-0993.html IDEFENSE http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600 FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1505 http://www.debian.org/security/2008/dsa-1479 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212 BID 25807

Return to the previous page.