CVE-2008-3272 — LOW (2.1) — White Hats Nepal

Q: How severe is CVE-2008-3272?

CVE-2008-3272 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-3272?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Canonical Ubuntu Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus.

Vulnerability Description

The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information.

CVSS Score

2.1

LOW

AV:L/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 2.6.27
Debian	Debian Linux	4.0
Canonical	Ubuntu Linux	6.06
Redhat	Enterprise Linux Desktop	4.0
Redhat	Enterprise Linux Eus	4.7
Redhat	Enterprise Linux Server	4.0
Redhat	Enterprise Linux Workstation	4.0

Related Weaknesses (CWE)

CWE-200

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.27-rc2Broken Link
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2008-0972.htmlThird Party Advisory
http://secunia.com/advisories/31366Third Party Advisory
http://secunia.com/advisories/31551Third Party Advisory
http://secunia.com/advisories/31614Third Party Advisory
http://secunia.com/advisories/31836Third Party Advisory
http://secunia.com/advisories/31881Third Party Advisory
http://secunia.com/advisories/32023Third Party Advisory
http://secunia.com/advisories/32103Third Party Advisory

FAQ

What is CVE-2008-3272?

CVE-2008-3272 is a vulnerability with a CVSS score of 2.1 (LOW). The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range d...

How severe is CVE-2008-3272?

CVE-2008-3272 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-3272?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Canonical Ubuntu Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus.