Описание
Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files.
Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-5358
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37051
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37052
- http://downloads.digium.com/pub/security/AST-2007-022.html
- http://osvdb.org/38201
- http://osvdb.org/38202
- http://secunia.com/advisories/27184
- http://www.securityfocus.com/archive/1/481996/100/0/threaded
- http://www.securityfocus.com/bid/26005
- http://www.securitytracker.com/id?1018804
- http://www.vupen.com/english/advisories/2007/3454
Связанные уязвимости
Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files.
Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files.
Multiple buffer overflows in the voicemail functionality in Asterisk 1 ...