Asterisk IMAP Voicemail Buffer Overflows Let Remote and Local Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1018804 |
|
SecurityTracker URL: http://securitytracker.com/id/1018804
|
|
CVE Reference:
CVE-2007-5358
(Links to External Site)
|
Updated: Mar 19 2008
|
Original Entry Date: Oct 11 2007
|
Impact:
Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 1.4.13
|
Description:
Two vulnerabilities were reported in Asterisk. A local user can obtain elevated privileges on the target system. A remote user can execute arbitrary code on the target system.
A local user with write access to the 'asterisk.conf' file can set specially crafted values for the astspooldir parameter in 'asterisk.conf', the voicemail context, and voicemail mailbox to trigger a buffer overflow when a message is played or forwarded.
A remote user can set a specially crafted Content-type or Content-description header on an e-mail containing a voicemail message to trigger a buffer overflow when the message is played via a telephone. Voicemail messages received via e-mail are not affected.
Systems using IMAP storage are affected by these vulnerabilities.
Russell Bryant and Mark Michelson reported these vulnerabilities.
|
Impact:
A local user can obtain elevated privileges on the target system.
A remote user can execute arbitrary code on the target system.
|
Solution:
The vendor has issued a fix (1.4.13).
The Asterisk advisory is available at:
http://downloads.digium.com/pub/security/AST-2007-022.html
|
Vendor URL: downloads.digium.com/pub/security/AST-2007-022.html (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 11 Oct 2007 07:46:11 -0400
Subject: Asterisk Project Security Advisory - AST-2007-022
|
http://downloads.digium.com/pub/security/AST-2007-022.html
|
|
