Asterisk Recording Interface contains a flaw that allows a remote attacker to access other user's voice mail. The issue is due to the '/recordings/misc/audio.php' script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'recording' variable. This may lead to a loss of confidentiality of '.mp3', '.wav' and '.gsm' voice mail messages. In addition, attackers might be able to determine the existence of files of other files within the remote file system.

Upgrade to version 0.10.00 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1015164
• Bugtraq ID: 17641
• Secunia Advisory ID: 19744
• CVE ID: 2006-2021 (see also: NVD)
• Related OSVDB ID: 24805
• VUPEN Advisory: ADV-2006-1457
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0536.html
• Vendor URL: http://www.littlejohnconsulting.com/?q=node/11
• Other Advisory URL: http://www.securiweb.net/wiki/Ressources/AvisDeSecurite/2006.1

• Francois Harvey - fharveysecuriweb.net - SecuriWeb