OSVDB ID: 24806

Title: Asterisk Recording Interface (ARI) misc/audio.php recording Parameter Traversal Arbitrary File Access

Info

Disclosure

Apr 20, 2006

Discovery

Unknown

Dates

Exploit

Apr 20, 2006

Solution

Unknown

Description

Asterisk Recording Interface contains a flaw that allows a remote attacker to access other user's voice mail. The issue is due to the '/recordings/misc/audio.php' script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'recording' variable. This may lead to a loss of confidentiality of '.mp3', '.wav' and '.gsm' voice mail messages. In addition, attackers might be able to determine the existence of files of other files within the remote file system.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Public
OSVDB: Web Related

Solution

Upgrade to version 0.10.00 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Littlejohn Consulting

Asterisk Recording Interface

0.7.15

References

Security Tracker: 1015164
Bugtraq ID: 17641
Secunia Advisory ID: 19744
CVE ID: 2006-2021 (see also: NVD)
Related OSVDB ID: 24805
VUPEN Advisory: ADV-2006-1457
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0536.html
Vendor URL: http://www.littlejohnconsulting.com/?q=node/11
Other Advisory URL: http://www.securiweb.net/wiki/Ressources/AvisDeSecurite/2006.1

Credit

Francois Harvey - fharveysecuriweb.net - SecuriWeb

Direct URL: http://osvdb.org/24806