CVE-2008-3272 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-3272
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-3272

Description: The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/44225 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-637-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html ST 1020636 SAID Secunia Advisory: SA32799 Secunia Advisory: SA31551 Secunia Advisory: SA31836 Secunia Advisory: SA32190 Secunia Advisory: SA32023 Secunia Advisory: SA31881 Secunia Advisory: SA31614 Secunia Advisory: SA31366 Secunia Advisory: SA32759 Secunia Advisory: SA32103 Secunia Advisory: SA32104 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0857.html http://rhn.redhat.com/errata/RHSA-2008-0972.html http://www.redhat.com/support/errata/RHSA-2008-0885.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:220 DEBIAN http://www.debian.org/security/2008/dsa-1636 http://www.debian.org/security/2008/dsa-1630 CONFIRM http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.27-rc2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=82e68f7ffec3800425f2391c8c86277606860442 BID 30559

Return to the previous page.