Info

Last Modified

about 1 year ago

Percent Complete

Disclosure

Oct 10, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

This Entry needs help! It is only 5% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Keywords

No Keywords

Description

(Description Provided by CVE) : Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files.

Classification

Attack Type: Input Manipulation

Products

Unknown or Incomplete

References

Security Tracker: 1018804
CVE ID: 2007-5358 (see also: NVD)
Bugtraq ID: 26005
Secunia Advisory ID: 27184
ISS X-Force ID: 37051 37052
Related OSVDB ID: 38201
FrSIRT Advisory: ADV-2007-3454
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-10/0146.html
Vendor Specific News/Changelog Entry: http://downloads.digium.com/pub/security/AST-2007-022.html

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches