[Asterisk-Dev] patch for the Asterisk Manager Interface Overflow
tzafrir.cohen at xorcom.com
Thu Jun 23 23:37:18 MST 2005
On Fri, Jun 24, 2005 at 01:23:44AM -0500, Santiago José Ruano Rincón wrote:
> I need the patch that fix Asterisk Manager Interface Overflow 
> against asterisk 1.0.7 to build the debian packages. I tried to look for
> it on bugs.digium.com, asterisk-cvs mailing list and the cvs logs, but I
> couldn't find it. Anyone could help me to find it?
If I understand corrently you want to backport fixes. Well, this one is
probably hardly worth it. It is kind of "using root to gain root"
(well, s/root/asterisk/g). A user with an ability to exploit this can
already order Asterisk do do practically anything.
OTOH, 1.0.8 has quite a few other fixes which may be worth backporting.
What are the user-visible changes of 1.0.8? How much potentially
dangerous is an upgrade?
Tzafrir Cohen icq#16849755 +972-50-7952406
tzafrir.cohen at xorcom.com http://www.xorcom.com
More information about the asterisk-dev