[Asterisk-Users] Asterisk Manager Interface Remote BufferOverflow Vulnerability
Dean Collins
Dean at collins.net.pr
Thu Jun 23 10:41:18 MST 2005
I think they are being vague to give people time to upload to the
latest version.
Cheers,
Dean
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Brian West
> Sent: Thursday, 23 June 2005 11:45 AM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: Re: [Asterisk-Users] Asterisk Manager Interface Remote BufferOverflow Vulnerability
>
> THANK YOU NANCY DREW!!! Could be a bit more vague about this eh?
>
> /b
> ---
> Anakin: "You're either with me, or you're my enemy."
> Obi-Wan: "Only a Sith could be an absolutist."
>
> On Jun 22, 2005, at 6:30 PM, trixter http://www.0xdecafbad.com wrote:
>
> > http://www.frsirt.com/english/advisories/2005/0851
> >
> > A vulnerability was identified in Asterisk, which may be exploited by
> > authenticated attackers to execute arbitrary commands. This flaw is due
> > to a buffer overflow error in the manager interface that does not
> > properly handle specially crafted commands, which could be exploited by
> > an authenticated attacker to obtain root privileges. Note: the manager
> > interface is not enabled by default.
> >
> >
> > --
> > Trixter http://www.0xdecafbad.com Bret McDanel
> > UK +44 870 340 4605 Germany +49 801 777 555 3402
> > US +1 360 207 0479 or +1 516 687 5200
> > FreeWorldDialup: 635378
>