20577 : Asterisk vmail.cgi folder Variable Traversal Arbitrary .wav File Access
Printer | http://osvdb.org/20577 | Email This | Edit Vulnerability

Views This Week

Views All Time

175

Info

Last Modified

about 1 year ago

Percent Complete

100%

Disclosure

Nov 07, 2005

Discovery

Oct 17, 2005

Dates

Exploit

Nov 07, 2005

Solution

Unknown

Keywords

No Keywords

Description

Asterisk contains a flaw that allows an authenticated user to access other users' voice mail wav files. The issue is due to the vmail.cgi not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "folder" variable.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Upgrade to version 1.2.0-rc2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Asterisk	Asterisk	1.0.9
		1.2.0-beta1
	Asterisk@Home	1.5
		2.0-beta4

References

Security Tracker: 1015164
Bugtraq ID: 15336
Secunia Advisory ID: 17459 19872
CVE ID: 2005-3559 (see also: NVD)
ISS X-Force ID: 23002
FrSIRT Advisory: ADV-2005-2346
Mail List Post: http://seclists.org/lists/bugtraq/2005/Nov/0087.html
Other Advisory URL: http://www.assurance.com.au/advisories/200511-asterisk.txt
Vendor URL: http://www.asterisk.org/
Vendor Specific News/Changelog Entry: http://www.us.debian.org/security/2006/dsa-1048

Tools & Filters

Nessus	22590

Manual Testing Notes

Credit

Adam Pointon - adam.pointonassurance.com.au - Assurance.com.au

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Keywords

Description

Classification

Solution

Products

Asterisk

Asterisk

Asterisk@Home

References

Tools & Filters

Manual Testing Notes

Credit

Blogs

Comments