Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4571

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2007-4571
Last Modified 07 Mar 2011 09:58:48
Published 26 Sep 2007 06:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-4571

Summary

The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.22.7


References

VUPEN - ADV-2007-3272

UBUNTU - USN-618-1

SECUNIA - 30769

IDEFENSE - 20070925 Linux Kernel ALSA snd_mem_proc_read Information Disclosure Vulnerability

CONFIRM - http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212

FEDORA - FEDORA-2007-2349

FEDORA - FEDORA-2007-714

CONFIRM - https://issues.rpath.com/browse/RPL-1761

XF - linux-sndpagealloc-information-disclosure(36780)

SECTRACK - 1018734

BID - 25807

REDHAT - RHSA-2007:0993

REDHAT - RHSA-2007:0939

SUSE - SUSE-SA:2007:053

DEBIAN - DSA-1505

DEBIAN - DSA-1479

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm

SECUNIA - 29054

SECUNIA - 28626

SECUNIA - 27824

SECUNIA - 27747

SECUNIA - 27436

SECUNIA - 27227

SECUNIA - 27101

SECUNIA - 26989

SECUNIA - 26980

SECUNIA - 26918


Last Updated: 27 May 2016 10:45:54