Wade Alcorn

Name of the Vulnerable Software and Affected Versions: Castle Rock Computing SNMPc versions 7.1 and earlier Description: The issue is a stack-based buffer overflow in the Network Manager, which can be triggered by remote attackers sending a long community string in an SNMP TRAP packet. This can cause a denial of service, resulting in a crash, or potentially allow the execution of arbitrary code. Recommendations: For Castle Rock Computing SNMPc versions 7.1 and earlier, update to a version later than 7.1 to resolve the issue. As a temporary workaround, consider restricting access to the Network Manager to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Asterisk version 1.0.7 Description: The issue is related to a stack-based buffer overflow in the function that parses commands. This occurs when the 'write = command' option is enabled, allowing remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character. Recommendations: For Asterisk version 1.0.7, consider disabling the 'write = command' option as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.