[Asterisk-Users] Asterisk Manager Interface Remote Buffer Overflow Vulnerability

Matt Riddell matt.riddell at sineapps.com
Sun Jun 26 08:40:40 MST 2005


Zoa wrote:
> 
> Haha, fun.
> 
> 
> Why use the bufferoverflow if you already have the permissions to
> execute any linux command using the manager interface :p

LOL that's what I was thinking!

A couple of weeks ago I used the manager interface to recreate whole 
files on a dead PC.

I ended up having problems with the ! mode and so used addexten to add 
extensions that ran system commands to recreate the files when I dialled 
a particular extension.

Took a while, but I got there in the end!

:)

Not that I'm complaining about people doing security audits though, it 
must be nearly a year since the last lot was done.

-- 
Cheers,

Matt Riddell
_______________________________________________

http://www.sineapps.com/news.php (Daily Asterisk News - html)
http://www.sineapps.com/rssfeed.php (Daily Asterisk News - rss)




More information about the asterisk-users mailing list