[asterisk-users] Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)
Matt Riddell (IT)
matt.riddell at sineapps.com
Fri Aug 25 01:55:04 MST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
From: http://www.sineapps.com/news.php?rssid=1448
MuLabs has posted details of multiple vulnerabilities in Asterisk 1.2.10.
Excerpt:
Vulnerability Details:
A remote stack buffer overflow condition in Asterisk's MGCP
implementation could allow for arbitrary code execution. The vulnerable
code is triggered with the use of a malformed AUEP (audit endpoint)
response message.
A second issue exists in the handling of file names sent to the
Record() application which could lead to arbitrary code execution via a
format string attack or arbitrary file-overwrite via directory traversal
techniques. The impact of this vulnerability is minimal, however, as it
requires an administrator to use a client-controlled variable as part of
the filename.
Solution:
Mu Security would like to thank the Asterisk security team for their
timely response to these issues.
A patch for the buffer overflow is available from the following link:
http://ftp.digium.com/pub/asterisk/asterisk-1.2.11-patch.gz
To protect against the Record() vulnerability, do not use
user-controlled variables (e.g., ${CALLERIDNAME}) as part of the
filename argument.
- --
Cheers,
Matt Riddell
_______________________________________________
http://www.sineapps.com/news.php (Daily Asterisk News - html)
http://freevoip.gedameurope.com (Free Asterisk Voip Community)
http://www.sineapps.com/rssfeed.php (Daily Asterisk News - rss)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE7rroS6d5vy0jeVcRAsk6AKCHWC11f0pedpbfvwgTdQHl3lNUVgCeMogt
5GCRiC9uwo/X3V9M/e4oT6g=
=KcN8
-----END PGP SIGNATURE-----
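
Added example, not part of the original post or the quoted advisory: a small Python audit that applies the Record() mitigation above by flagging dialplan lines whose Record() filename argument contains a variable. The sample dialplan is constructed, and every name in CALLER_VARS other than ${CALLERIDNAME} is an assumption about which variables carry caller-supplied data.

```python
import re

# Assumption: variables treated as caller-supplied. Only ${CALLERIDNAME} is
# named in the advisory; the rest are related caller-ID variables.
CALLER_VARS = {"CALLERIDNAME", "CALLERIDNUM", "CALLERID",
               "CALLERID(name)", "CALLERID(num)", "CALLERID(all)"}

RECORD_CALL = re.compile(r"\bRecord\((.*)\)\s*$", re.IGNORECASE)
VARIABLE = re.compile(r"\$\{([^}:]+)")   # name only, ignores ${VAR:offset}

# Constructed sample dialplan (not taken from any real system).
SAMPLE_DIALPLAN = """\
[voicemail-demo]
exten => 100,1,Answer()
exten => 100,2,Record(/var/spool/asterisk/rec/${CALLERIDNAME}:gsm)
exten => 101,1,Record(/var/spool/asterisk/rec/msg-${UNIQUEID}:gsm|5|60)
exten => 102,1,Record(/var/spool/asterisk/rec/greeting%d:gsm)
; exten => 103,1,Record(/tmp/${CALLERIDNUM}:gsm)
"""


def audit_dialplan(text):
    """Return (line_no, severity, variables) for each Record() call whose
    filename argument contains a dialplan variable."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(";", 1)[0].strip()        # drop dialplan comments
        match = RECORD_CALL.search(line)
        if not match:
            continue
        # The filename is the first argument; later arguments follow '|' or ','.
        filename = re.split(r"[|,]", match.group(1), maxsplit=1)[0]
        names = VARIABLE.findall(filename)
        if not names:
            continue                               # fixed filename, nothing to flag
        # "high": caller-supplied data reaches the filename; "review": some
        # other variable does and its origin needs a manual check.
        severity = "high" if any(n in CALLER_VARS for n in names) else "review"
        findings.append((line_no, severity, names))
    return findings


if __name__ == "__main__":
    for line_no, severity, names in audit_dialplan(SAMPLE_DIALPLAN):
        print(f"line {line_no}: {severity}: Record() filename uses {names}")
```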