Greetings,

From: http://www.securityfocus.com/bid/14031/info

Asterisk manager interface is prone to a remote buffer overflow vulnerability. The issue manifests due to a lack of sufficient boundary checks performed by command line interface processing routines. Reports indicate that the issue may only be exploited if the manager interface is accessible and an attacker is able to write commands to the interface.

Under certain circumstances a remote attacker may exploit this issue to execute arbitrary code in the context of the affected software.

-----------

I think this is a good reminder to us all that we should be paying lots of attention to the security of our Asterisk servers. If you're running Asterisk in a production environment, make sure no one except the administrator has access to this box. Risks associated with problems like buffer overflows for privilege escalation can all be mitigated with strong access control policies; if users don't have access to the CLI, then they won't be able to take advantage of this type of exploit.

Thanks,
Mark Rzepa
HighVail Systems Inc.
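
The advisory quoted above makes exploitation conditional on the manager interface being reachable and on the attacker being able to write commands to it. As an added example (not part of the original post and not Asterisk project code), this Python script audits a manager.conf for those two conditions; the sample configuration is constructed, and the defaults used for a missing `enabled` or `bindaddr` are assumptions.

```python
import re
# Constructed sample manager.conf for illustration; not from any real system.
SAMPLE_CONF = """\
[general]
enabled = yes
bindaddr = 0.0.0.0

[admin]
secret = placeholder-secret
deny = 0.0.0.0/0.0.0.0
permit = 127.0.0.1/255.255.255.255
write = system,call,command

[monitor]
write = call
"""

def parse_sections(text):
    """Parse Asterisk-style INI text into {section: [(key, value), ...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)  # also accepts 'key => value'
            current.append((key.strip().lower(), value.lstrip(">").strip()))
    return sections

def audit_manager_conf(text):
    """Return findings about who can reach and send commands to the manager."""
    sections = parse_sections(text)
    general = dict(sections.pop("general", []))
    # Assumption: missing 'enabled' means off; missing 'bindaddr' means all interfaces.
    if general.get("enabled", "no").lower() not in ("yes", "true", "1", "on"):
        return []
    findings = []
    bind = general.get("bindaddr", "0.0.0.0")
    if bind not in ("127.0.0.1", "::1"):
        findings.append(f"general: bindaddr {bind} is not loopback")
    for name, items in sections.items():  # remaining sections are manager users
        keys = {k for k, _ in items}
        if not {"deny", "permit"} <= keys:
            findings.append(f"{name}: no deny/permit ACL")
        classes = [c.strip() for k, v in items if k == "write" for c in v.split(",")]
        if "command" in classes:
            findings.append(f"{name}: write includes 'command'")
    return findings
```

Calling `audit_manager_conf()` on the text of a real manager.conf returns one line per exposure; an empty list means the interface is disabled, or bound to loopback with every user ACL-restricted and without the `command` write class.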
