Haha, fun.
Why use the buffer overflow if you already have the permissions to execute any Linux command using the manager interface? :p

Brian West wrote:
THANK YOU NANCY DREW!!! Could be a bit more vague about this eh?

/b

---
Anakin: “You’re either with me, or you’re my enemy.”
Obi-Wan: “Only a Sith could be an absolutist.”

On Jun 22, 2005, at 6:30 PM, trixter http://www.0xdecafbad.com wrote:

http://www.frsirt.com/english/advisories/2005/0851

A vulnerability was identified in Asterisk, which may be exploited by authenticated attackers to execute arbitrary commands. This flaw is due to a buffer overflow error in the manager interface that does not properly handle specially crafted commands, which could be exploited by an authenticated attacker to obtain root privileges.

Note: the manager interface is not enabled by default.

--
Trixter http://www.0xdecafbad.com
Bret McDanel
UK +44 870 340 4605
Germany +49 801 777 555 3402
US +1 360 207 0479 or +1 516 687 5200
FreeWorldDialup: 635378

_______________________________________________
Asterisk-Users mailing list
[email protected]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
