[Asterisk-Users] Asterisk Manager Interface Remote Buffer Overflow
Vulnerability
trixter http://www.0xdecafbad.com
trixter at 0xdecafbad.com
Wed Jun 22 16:30:47 MST 2005
http://www.frsirt.com/english/advisories/2005/0851
A vulnerability was identified in Asterisk, which may be exploited by
authenticated attackers to execute arbitrary commands. This flaw is due
to a buffer overflow error in the manager interface that does not
properly handle specially crafted commands, which could be exploited by
an authenticated attacker to obtain root privileges. Note : the manager
interface is not enabled by default.
--
Trixter http://www.0xdecafbad.com Bret McDanel
UK +44 870 340 4605 Germany +49 801 777 555 3402
US +1 360 207 0479 or +1 516 687 5200
FreeWorldDialup: 635378
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20050622/b034a34a/attachment.pgp
More information about the asterisk-users
mailing list