Date: Fri, 25 Aug 2006 11:14:13 +0200
From: "Matt Riddell (IT)" <matt.riddell@...eapps.com>
To: bugtraq@...urityfocus.com
Subject: Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)

Mu Security (http://www.musecurity.com/) posted details of multiple
vulnerabilities in Asterisk which have been fixed in the latest version.

You can find more information at the Daily Asterisk News Site:

http://www.sineapps.com/news.php?rssid=1448

Excerpt from their release:

Vulnerability Details:

A remote stack buffer overflow condition in Asterisk's MGCP
implementation could allow for arbitrary code execution. The vulnerable
code is triggered with the use of a malformed AUEP (audit endpoint)
response message.

A second issue exists in the handling of file names sent to the
Record() application which could lead to arbitrary code execution via a
format string attack or arbitrary file-overwrite via directory traversal
techniques. The impact of this vulnerability is minimal, however, as it
requires an administrator to use a client-controlled variable as part of
the filename.

Solution:

Mu Security would like to thank the Asterisk security team for their
timely response to these issues.

A patch for the buffer overflow is available from the following link:
http://ftp.digium.com/pub/asterisk/asterisk-1.2.11-patch.gz

To protect against the Record() vulnerability, do not use
user-controlled variables (e.g., ${CALLERIDNAME}) as part of the
filename argument.

--
Cheers,

Matt Riddell
_______________________________________________

http://www.sineapps.com/news.php (Daily Asterisk News - html)
http://freevoip.gedameurope.com (Free Asterisk Voip Community)
http://www.sineapps.com/rssfeed.php (Daily Asterisk News - rss)
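As an added check for the Record() mitigation above (not part of the original advisory, and not Asterisk's own code): a small Python audit that scans an extensions.conf for Record() calls whose filename argument embeds caller-controlled channel variables. The variable names beyond ${CALLERIDNAME} and the sample dialplan are assumptions constructed for this example.

```python
import re
from typing import List, Optional, Tuple

# Variables whose value comes from the remote party. ${CALLERIDNAME} is the one
# named in the advisory; the others are assumed additions for this example and
# should be extended to match your own dialplan.
CALLER_CONTROLLED = {"CALLERIDNAME", "CALLERIDNUM", "CALLERID", "SIP_HEADER"}
_VAR_REF = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)")  # ${NAME} or ${NAME(...)}

def record_args(line: str) -> Optional[str]:
    """Text inside Record(...), honouring nested parens like ${CALLERID(name)}."""
    m = re.search(r"\bRecord\(", line)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(line)):
        depth += {"(": 1, ")": -1}.get(line[i], 0)
        if depth == 0:
            return line[start:i]
    return None  # unbalanced parentheses: not a well-formed call

def filename_arg(args: str) -> str:
    """First Record() argument; Asterisk 1.2 separates args with '|', later ','."""
    return re.split(r"[|,]", args, maxsplit=1)[0]

def audit_dialplan(text: str) -> List[Tuple[int, str, List[str]]]:
    """(line number, line, caller-controlled variables) for each unsafe Record()."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        args = record_args(raw.split(";", 1)[0])  # ';' starts a dialplan comment
        if args is None:
            continue
        tainted = sorted(v for v in set(_VAR_REF.findall(filename_arg(args)))
                         if v in CALLER_CONTROLLED)
        if tainted:
            findings.append((lineno, raw.strip(), tainted))
    return findings

# Constructed sample dialplan (not from the advisory): two unsafe Record() calls, one safe.
SAMPLE_EXTENSIONS_CONF = """\
[incoming]
exten => s,1,Record(/var/spool/asterisk/rec/${CALLERIDNAME}.wav|3|60) ; unsafe
exten => s,2,Record(/var/spool/asterisk/rec/${CALLERID(name)}:wav)    ; unsafe
exten => s,3,Record(/var/spool/asterisk/rec/${UNIQUEID}.wav|3|60)     ; safe
"""

if __name__ == "__main__":
    for lineno, line, tainted in audit_dialplan(SAMPLE_EXTENSIONS_CONF):
        print(f"line {lineno}: Record() filename uses {tainted}: {line}")
```

Run it against your own extensions.conf; any finding is a Record() whose path a caller can influence and that should be rewritten to use a server-generated name such as ${UNIQUEID}.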