CVE-2026-23740

Published: 06 Feb 2026
Source: redhat
CVSS3: 7.8

Description

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission to that directory (which is all users on a Linux system) can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.

A flaw was found in Asterisk. When the ast_coredumper writes its gdb init and output files to a world-writable directory, a local attacker with write permissions to that directory can exploit this vulnerability. By manipulating the gdb init file and output paths, the attacker can cause the system to execute arbitrary commands as root or overwrite arbitrary files, leading to privilege escalation and potential system compromise.

Statement

This IMPORTANT vulnerability in Asterisk allows a local attacker to achieve privilege escalation. When the ast_coredumper writes to a world-writable directory, such as /tmp, a local user can manipulate the GDB init and output files. This manipulation can lead to the execution of arbitrary commands as root or the overwriting of arbitrary files. This affects Asterisk packages in Red Hat Community Projects, including EPEL 8, EPEL 9, Fedora 42, and Fedora 43.

Mitigation

To mitigate this vulnerability, configure Asterisk's ast_coredumper to write its gdb initialization and output files to a directory with restricted permissions, preventing unprivileged users from modifying them. Ensure the chosen directory is not world-writable. Consult Asterisk documentation for specific configuration parameters related to ast_coredumper output paths. A restart of the Asterisk service may be required for changes to take effect.

Additional information

Status: Important
Weakness: CWE-379
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2437723
Bug title: Asterisk: Asterisk: Arbitrary code execution and file overwrite as root via insecure ast_coredumper file handling

CVSS3: 7.8 (High)

Related vulnerabilities

ubuntu
about 2 months ago


nvd
about 2 months ago


debian
about 2 months ago

Asterisk is an open source private branch exchange and telephony toolk ...
