
Asterisk 1.2.10 multiple vulns
Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)


Mu Security ( ) posted details of multiple 
vulnerabilities in Asterisk which have been fixed in the latest version.

You can find more information at the Daily Asterisk News Site: 

Excerpt from their release:

Vulnerability Details:

A remote stack buffer overflow condition in Asterisk's MGCP
implementation could allow for arbitrary code execution. The vulnerable
code is triggered with the use of a malformed AUEP (audit endpoint)
response message.

A second issue exists in the handling of file names sent to the
Record() application which could lead to arbitrary code execution via a
format string attack or arbitrary file-overwrite via directory traversal
techniques. The impact of this vulnerability is minimal, however, as it
requires an administrator to use a client-controlled variable as part of
the filename.


Mu Security would like to thank the Asterisk security team for their
timely response to these issues.

A patch for the buffer overflow is available from the following link: 

To protect against the Record() vulnerability, do not use
user-controlled variables (e.g., ${CALLERIDNAME}) as part of the
filename argument.

--

Matt Riddell
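As an added illustration of the Record() mitigation above (this fragment is not part of the original advisory or of Matt Riddell's post), here is the risky dialplan pattern next to a safer one, in Asterisk 1.2 extensions.conf syntax. The context names, extension number, recording directory, and the use of ${UNIQUEID} and CDR(userfield) are assumptions made for the example.

```ini
; Constructed example: the same recording extension written two ways.

; RISKY: the caller-supplied display name becomes part of the path given
; to Record(). On 1.2.10 that is exactly the input the advisory describes
; as reaching a format string and allowing the file to be written outside
; the intended directory.
[record-risky]
exten => 100,1,Answer()
exten => 100,2,Record(/var/spool/asterisk/recordings/${CALLERIDNAME}.wav)
exten => 100,3,Hangup()

; SAFER: only server-generated values go into the filename. ${UNIQUEID} is
; assigned by Asterisk itself, so the path is never under caller control.
; The caller ID name is still kept, but as CDR metadata rather than as a
; path component (CDR(userfield) assumed available on this release).
[record-safe]
exten => 100,1,Answer()
exten => 100,2,Set(CDR(userfield)=${CALLERIDNAME})
exten => 100,3,Record(/var/spool/asterisk/recordings/${UNIQUEID}.wav)
exten => 100,4,Hangup()
```

Upgrading to 1.2.11 fixes the underlying bug; the second form is the configuration-side mitigation the advisory recommends and remains good practice afterwards.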

