Re: [Asterisk-Users] Asterisk Manager Interface Remote Buffer Overflow Vulnerability

Brian West Thu, 23 Jun 2005 09:03:32 -0700

THANK YOU NANCY DREW!!!  Could be a bit more vague about this eh?


/b
---
Anakin: “You’re either with me, or you’re my enemy.”
Obi-Wan: “Only a Sith could be an absolutist.”

On Jun 22, 2005, at 6:30 PM, trixter http://www.0xdecafbad.com wrote:

http://www.frsirt.com/english/advisories/2005/0851

A vulnerability was identified in Asterisk, which may be exploited by

authenticated attackers to execute arbitrary commands. This flaw isdue

to a buffer overflow error in the manager interface that does not

properly handle specially crafted commands, which could beexploited byan authenticated attacker to obtain root privileges. Note : themanager

interface is not enabled by default.


--
Trixter http://www.0xdecafbad.com     Bret McDanel
UK +44 870 340 4605   Germany +49 801 777 555 3402
US +1 360 207 0479 or +1 516 687 5200
FreeWorldDialup: 635378
_______________________________________________
Asterisk-Users mailing list
[email protected]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users


_______________________________________________
Asterisk-Users mailing list
[email protected]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [Asterisk-Users] Asterisk Manager Interface Remote Buffer Overflow Vulnerability

Reply via email to