Debian DSA-1505-1 : alsa-driver - kernel memory leak

low Nessus Plugin ID 31149

Synopsis

The remote Debian host is missing a security-related update.

Description

Takashi Iwai supplied a fix for a memory leak in the snd_page_alloc module. Local users could exploit this issue to obtain sensitive information from the kernel (CVE-2007-4571 ).

Solution

Upgrade the alsa-driver and alsa-modules-i386 packages.

For the oldstable distribution (sarge), this problem has been fixed in version 1.0.8-7sarge1. The prebuilt modules provided by alsa-modules-i386 have been rebuilt to take advantage of this update, and are available in version 1.0.8+2sarge2.

For the stable distribution (etch), this problem has been fixed in version 1.0.13-5etch1. This issue was already fixed for the version of ALSA provided by linux-2.6 in DSA 1479.

See Also

https://security-tracker.debian.org/tracker/CVE-2007-4571

https://www.debian.org/security/2008/dsa-1505

Plugin Details

Severity: Low

ID: 31149

File Name: debian_DSA-1505.nasl

Version: 1.18

Type: local

Agent: unix

Published: 2/25/2008

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:alsa-driver, cpe:/o:debian:debian_linux:3.1, cpe:/o:debian:debian_linux:4.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/22/2008

Reference Information

CVE: CVE-2007-4571

BID: 25807

DSA: 1505