[Asterisk-Users] Asterisk Manager Interface Remote Buffer Overflow Vulnerability

Brian West brian.west at mac.com
Thu Jun 23 08:44:51 MST 2005


THANK YOU NANCY DREW!!!  Could be a bit more vague about this eh?

/b
---
Anakin: “You’re either with me, or you’re my enemy.”
Obi-Wan: “Only a Sith could be an absolutist.”

On Jun 22, 2005, at 6:30 PM, trixter http://www.0xdecafbad.com wrote:

> http://www.frsirt.com/english/advisories/2005/0851
>
> A vulnerability was identified in Asterisk, which may be exploited by
> authenticated attackers to execute arbitrary commands. This flaw is due
> to a buffer overflow error in the manager interface that does not
> properly handle specially crafted commands, which could be exploited by
> an authenticated attacker to obtain root privileges. Note: the manager
> interface is not enabled by default.
>
>
> -- 
> Trixter http://www.0xdecafbad.com     Bret McDanel
> UK +44 870 340 4605   Germany +49 801 777 555 3402
> US +1 360 207 0479 or +1 516 687 5200
> FreeWorldDialup: 635378
