PT-2006-5151 · Digium · Asterisk
Published: 2006-08-24 · Updated: 2018-10-17 · CVE-2006-4346
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Asterisk version 1.2.10
Description
The issue allows remote attackers to execute code or overwrite files. This is achieved through the use of client-controlled variables in the Record function, such as the CALLERIDNAME variable, which can be manipulated to include format string specifiers for code execution or to perform directory traversals for file overwriting.
Recommendations
For Asterisk version 1.2.10, consider restricting the use of client-controlled variables in the Record function to minimize the risk of exploitation. As a temporary workaround, restrict access to the Record function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
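One way to apply the restriction recommended above in code that builds a recording path from a client-controlled value (an added example, not Asterisk's own code; the function names, the 64-byte limit and the /tmp/rec directory are assumptions made for illustration). The value is reduced to an allowlisted character set and is only ever passed as data to a constant format string:

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Asterisk code): copy a client-controlled value,
 * such as a caller ID name, into out, keeping only [A-Za-z0-9_-].
 * Every other byte ('%', '/', '.', '\\', spaces, control bytes) becomes '_'.
 * Returns 0 on success, -1 if the input is empty or does not fit. */
int sanitize_component(const char *in, char *out, size_t outlen)
{
    size_t n = strlen(in);
    if (n == 0 || n >= outlen)
        return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)in[i];
        int ok = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                 (c >= '0' && c <= '9') || c == '_' || c == '-';
        out[i] = ok ? (char)c : '_';
    }
    out[n] = '\0';
    return 0;
}

/* Build "<dir>/<name>-<seq>.<ext>" with a constant format string, so the
 * client-controlled name is never interpreted as a format or a path.
 * Returns 0 on success, -1 on rejection or truncation. */
int build_record_path(char *dst, size_t dstlen, const char *dir,
                      const char *client_name, int seq, const char *ext)
{
    char safe[64]; /* assumed upper bound for the name component */
    if (sanitize_component(client_name, safe, sizeof(safe)) != 0)
        return -1;
    int w = snprintf(dst, dstlen, "%s/%s-%d.%s", dir, safe, seq, ext);
    return (w < 0 || (size_t)w >= dstlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisory. */
    const char *samples[] = { "Alice", "%x%x%s", "../../etc/x", "" };
    char path[128];
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        if (build_record_path(path, sizeof(path), "/tmp/rec", samples[i], 0, "wav") == 0)
            printf("%-12s -> %s\n", samples[i], path);
        else
            printf("%-12s -> rejected\n", samples[i]);
    }
    return 0;
}
```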
Affected Products
Asterisk