CVE-2007-4571

NameCVE-2007-4571
DescriptionThe snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1479-1, DSA-1505-1
NVD severitylow (attack range: local)
Debian Bugs444571
Debian/oldoldstablenot vulnerable.
Debian/oldstablenot known to be vulnerable.
Debian/stablenot known to be vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
alsa-driver (PTS)squeeze1.0.23+dfsg-2fixed
linux-2.6 (PTS)squeeze, squeeze (security)2.6.32-48squeeze6fixed
squeeze (lts)2.6.32-48squeeze13fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
alsa-driversource(unstable)1.0.15-1low
alsa-driversourceetch1.0.13-5etch1lowDSA-1505-1
alsa-driversourcesarge1.0.8-7sarge1lowDSA-1505-1
alsa-modules-i386sourcesarge1.0.8+2sarge2lowDSA-1505-1
linux-2.6source(unstable)2.6.22-5low444571
linux-2.6sourceetch2.6.18.dfsg.1-17etch1lowDSA-1479-1

Notes

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212
very easy to exploit locally

Search for package or bug name: Reporting problems