trixter http://www.0xdecafbad.com
2005-Jun-22 16:30 UTC
[Asterisk-Users] Asterisk Manager Interface Remote Buffer Overflow Vulnerability
http://www.frsirt.com/english/advisories/2005/0851

A vulnerability was identified in Asterisk, which may be exploited by authenticated attackers to execute arbitrary commands. This flaw is due to a buffer overflow error in the manager interface that does not properly handle specially crafted commands, which could be exploited by an authenticated attacker to obtain root privileges. Note: the manager interface is not enabled by default.

--
Trixter http://www.0xdecafbad.com Bret McDanel
UK +44 870 340 4605 Germany +49 801 777 555 3402
US +1 360 207 0479 or +1 516 687 5200
FreeWorldDialup: 635378
Brian West
2005-Jun-23 08:44 UTC
[Asterisk-Users] Asterisk Manager Interface Remote Buffer Overflow Vulnerability
THANK YOU NANCY DREW!!! Could be a bit more vague about this eh?

/b
---
Anakin: "You're either with me, or you're my enemy."
Obi-Wan: "Only a Sith could be an absolutist."

On Jun 22, 2005, at 6:30 PM, trixter http://www.0xdecafbad.com wrote:

> http://www.frsirt.com/english/advisories/2005/0851
>
> A vulnerability was identified in Asterisk, which may be exploited by
> authenticated attackers to execute arbitrary commands. This flaw is due
> to a buffer overflow error in the manager interface that does not
> properly handle specially crafted commands, which could be exploited by
> an authenticated attacker to obtain root privileges. Note: the manager
> interface is not enabled by default.
>
> --
> Trixter http://www.0xdecafbad.com Bret McDanel
Zoa
2005-Jun-23 09:12 UTC
[Asterisk-Users] Asterisk Manager Interface Remote Buffer Overflow Vulnerability
Haha, fun. Why use the buffer overflow if you already have the permissions to execute any linux command using the manager interface :p

Brian West wrote:

> THANK YOU NANCY DREW!!! Could be a bit more vague about this eh?
>
> /b
> ---
> Anakin: "You're either with me, or you're my enemy."
> Obi-Wan: "Only a Sith could be an absolutist."
>
> On Jun 22, 2005, at 6:30 PM, trixter http://www.0xdecafbad.com wrote:
>
>> http://www.frsirt.com/english/advisories/2005/0851
>>
>> A vulnerability was identified in Asterisk, which may be exploited by
>> authenticated attackers to execute arbitrary commands. This flaw is due
>> to a buffer overflow error in the manager interface that does not
>> properly handle specially crafted commands, which could be exploited by
>> an authenticated attacker to obtain root privileges. Note: the manager
>> interface is not enabled by default.
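Both the advisory ("the manager interface is not enabled by default") and Zoa's remark come down to the same defensive point: an authenticated manager user is already trusted with whatever permission classes the operator granted, so the exposure of this bug is bounded by how the manager interface is configured. The fragment below is an added example of an Asterisk manager.conf written with that in mind; it is not from the thread or from the Asterisk project. The section and key names (`enabled`, `port`, `bindaddr`, `secret`, `deny`, `permit`, `read`, `write`) follow the manager.conf conventions of Asterisk releases of that era, and the user name, password placeholder and address are assumed values.

```ini
; Added example: a manager.conf that limits what an authenticated
; manager session can reach. Not part of the mailing-list thread.
[general]
; Keep the interface off unless something actually needs it
; (the advisory notes this is the default).
enabled = no
port = 5038
; If it must be on, bind to loopback (or an admin-only interface)
; rather than every address, so it is not reachable from the
; phone network or the internet.
bindaddr = 127.0.0.1

; Assumed user name; one account per consumer, each with only
; the classes it needs.
[monitor]
; Placeholder: use a long random secret, not a dictionary word.
secret = CHANGE-ME-long-random-secret
; Deny everything, then permit only the host that runs the client.
deny = 0.0.0.0/0.0.0.0
permit = 127.0.0.1/255.255.255.255
; Read-only event classes for a monitoring client. Note what is
; absent: no "command" or "system" class in either list, so this
; login cannot issue CLI commands through the manager at all, which
; is the capability Zoa's reply points at.
read = call,log,verbose,agent,user
write =
```

The contrast worth checking on a real box is `bindaddr = 0.0.0.0` together with a login whose `write` line includes `command` or `system`: that combination is what turns "authenticated attacker" in the advisory into anyone who can reach TCP port 5038 with a guessed or leaked secret. Keeping `enabled = no` where the interface is unused, binding to loopback, scoping each login with `deny`/`permit`, and leaving privileged classes out of `read`/`write` reduces both the buffer-overflow exposure and the ordinary permission misuse Zoa describes.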