[Asterisk-Users] Asterisk Manager Interface Remote Buffer
Overflow Vulnerability
Brian West
brian.west at mac.com
Thu Jun 23 08:44:51 MST 2005
THANK YOU NANCY DREW!!! Could be a bit more vague about this eh?
/b
---
Anakin: “You’re either with me, or you’re my enemy.”
Obi-Wan: “Only a Sith could be an absolutist.”
On Jun 22, 2005, at 6:30 PM, trixter http://www.0xdecafbad.com wrote:
> http://www.frsirt.com/english/advisories/2005/0851
>
> A vulnerability was identified in Asterisk, which may be exploited by
> authenticated attackers to execute arbitrary commands. This flaw is
> due
> to a buffer overflow error in the manager interface that does not
> properly handle specially crafted commands, which could be
> exploited by
> an authenticated attacker to obtain root privileges. Note : the
> manager
> interface is not enabled by default.
>
>
> --
> Trixter http://www.0xdecafbad.com Bret McDanel
> UK +44 870 340 4605 Germany +49 801 777 555 3402
> US +1 360 207 0479 or +1 516 687 5200
> FreeWorldDialup: 635378
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
More information about the asterisk-users
mailing list