2.1

CVE-2008-3272

The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 2.6.27
LinuxLinux Kernel Version2.6.27 Update-
LinuxLinux Kernel Version2.6.27 Updaterc1
DebianDebian Linux Version4.0
CanonicalUbuntu Linux Version6.06 SwEditionlts
CanonicalUbuntu Linux Version7.04
CanonicalUbuntu Linux Version7.10
CanonicalUbuntu Linux Version8.04 SwEditionlts
RedhatEnterprise Linux Eus Version4.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.42% 0.332
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/32759
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2008-0972.html
Third Party Advisory
http://secunia.com/advisories/32799
Third Party Advisory
http://secunia.com/advisories/32023
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0885.html
Third Party Advisory
http://secunia.com/advisories/31551
Third Party Advisory
http://www.debian.org/security/2008/dsa-1630
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/31836
Third Party Advisory
http://secunia.com/advisories/32103
Third Party Advisory
http://secunia.com/advisories/32104
Third Party Advisory
http://secunia.com/advisories/32370
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:220
Third Party Advisory
http://secunia.com/advisories/31614
Third Party Advisory
https://usn.ubuntu.com/637-1/
Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=82e68f7ffec3800425f2391c8c86277606860442
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.27-rc2
Broken Link
http://secunia.com/advisories/31366
Third Party Advisory
http://secunia.com/advisories/31881
Third Party Advisory
http://secunia.com/advisories/32190
Third Party Advisory
http://www.debian.org/security/2008/dsa-1636
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0857.html
Third Party Advisory
http://www.securityfocus.com/bid/30559
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1020636
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2008/2307
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/44225
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11182
Third Party Advisory