
asterisk: arbitrary code execution

Package(s): asterisk
CVE #(s): CVE-2011-0495
Created: February 4, 2011
Updated: February 21, 2011
Description: From the CVE entry:

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.

Alerts:
Debian DSA-2171-1 asterisk 2011-02-21
Fedora FEDORA-2011-0794 asterisk 2011-01-26
Fedora FEDORA-2011-0774 asterisk 2011-01-26

Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds