[Asterisk-Users] Asterisk Security vulnerability report

Adam Hart adam at teragen.com.au
Wed Sep 10 19:37:19 MST 2003 

"By exploiting this vulnerability, @stake managed to obtain access to the
remote host in question. "

----- Original Message ----- 
From: "Brian West" <brian at bkw.org>
To: <asterisk-users at lists.digium.com>
Sent: Thursday, September 11, 2003 10:16 AM
Subject: Re: [Asterisk-Users] Asterisk Security vulnerability report


> Because as the advisory pointed out it "could" happen.  The likely thing
> to happen would be a segfault.  Then again it should have been pointed out
> instead of silently updated.
>
> bkw
>
> On Wed, 10 Sep 2003, Michael Sandee wrote:
>
> > 'proven'? Why post this bs... read the advisory, clearly shows they made
> > one and tested. Second its trivial to make one, if you see what is wrong
> > in the code.
> >
> > Original advisory should have been posted here at the date of release,
> > or announced by someone, but it wasn't... I guess some people are too
> > busy, can't blame them.
> >
> > Brian West wrote:
> >
> > >Also it wasn't a proven exploit.  They said it "could allow an attacker
to
> > >obtain remote and unauthenticated access".  And if pigs "could" fly I
> > >would be a rich man!
> > >
> > >bkw
> > >
> > >
> > >
> > >
> > >>Read the security vulnerability.  It referenced CVS as of a certain
> > >>date.  If you aren't keeping up with CVS changes, why are you running
> > >>CVS at all?
> > >>
> > >>-Tilghman
> > >>
> > >>_______________________________________________
> > >>Asterisk-Users mailing list
> > >>Asterisk-Users at lists.digium.com
> > >>http://lists.digium.com/mailman/listinfo/asterisk-users
> > >>
> > >>
> > >>
> > >_______________________________________________
> > >Asterisk-Users mailing list
> > >Asterisk-Users at lists.digium.com
> > >http://lists.digium.com/mailman/listinfo/asterisk-users
> > >
> > >
> > >
> > >
> >
> >
> > _______________________________________________
> > Asterisk-Users mailing list
> > Asterisk-Users at lists.digium.com
> > http://lists.digium.com/mailman/listinfo/asterisk-users
> >
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users

More information about the asterisk-users mailing list