[Asterisk-Users] Asterisk Security vulnerability report
Brian West
brian at bkw.org
Wed Sep 10 17:16:43 MST 2003
Because as the advisory pointed out it "could" happen. The likely thing
to happen would be a segfault. Then again it should have been pointed out
instead of silently updated.
bkw
On Wed, 10 Sep 2003, Michael Sandee wrote:
> 'proven'? Why post this bs... read the advisory, clearly shows they made
> one and tested. Second its trivial to make one, if you see what is wrong
> in the code.
>
> Original advisory should have been posted here at the date of release,
> or announced by someone, but it wasn't... I guess some people are too
> busy, can't blame them.
>
> Brian West wrote:
>
> >Also it wasn't a proven exploit. They said it "could allow an attacker to
> >obtain remote and unauthenticated access". And if pigs "could" fly I
> >would be a rich man!
> >
> >bkw
> >
> >
> >
> >
> >>Read the security vulnerability. It referenced CVS as of a certain
> >>date. If you aren't keeping up with CVS changes, why are you running
> >>CVS at all?
> >>
> >>-Tilghman
> >>
> >>_______________________________________________
> >>Asterisk-Users mailing list
> >>Asterisk-Users at lists.digium.com
> >>http://lists.digium.com/mailman/listinfo/asterisk-users
> >>
> >>
> >>
> >_______________________________________________
> >Asterisk-Users mailing list
> >Asterisk-Users at lists.digium.com
> >http://lists.digium.com/mailman/listinfo/asterisk-users
> >
> >
> >
> >
>
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
More information about the asterisk-users
mailing list