asterisk users - Jun 2005 - Asterisk Manager Interface Remote BufferOverflow Vulnerability

I think they are being vague to give people a time to upload to the
latest version.

Cheers,
Dean

> -----Original Message-----
> From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-
> bounces@lists.digium.com] On Behalf Of Brian West
> Sent: Thursday, 23 June 2005 11:45 AM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: Re: [Asterisk-Users] Asterisk Manager Interface Remote
> BufferOverflow Vulnerability
> 
> THANK YOU NANCY DREW!!!  Could be a bit more vague about this eh?
> 
> /b
> ---
> Anakin: "You're either with me, or you're my enemy."
> Obi-Wan: "Only a Sith could be an absolutist."
> 
> On Jun 22, 2005, at 6:30 PM, trixter http://www.0xdecafbad.com wrote:
> 
> > http://www.frsirt.com/english/advisories/2005/0851
> >
> > A vulnerability was identified in Asterisk, which may be exploited
by
> > authenticated attackers to execute arbitrary commands. This flaw is
> > due
> > to a buffer overflow error in the manager interface that does not
> > properly handle specially crafted commands, which could be
> > exploited by
> > an authenticated attacker to obtain root privileges. Note : the
> > manager
> > interface is not enabled by default.
> >
> >
> > --
> > Trixter http://www.0xdecafbad.com     Bret McDanel
> > UK +44 870 340 4605   Germany +49 801 777 555 3402
> > US +1 360 207 0479 or +1 516 687 5200
> > FreeWorldDialup: 635378
> > _______________________________________________
> > Asterisk-Users mailing list
> > Asterisk-Users@lists.digium.com
> > http://lists.digium.com/mailman/listinfo/asterisk-users
> > To UNSUBSCRIBE or update options visit:
> >    http://lists.digium.com/mailman/listinfo/asterisk-users
> 
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users@lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users