PT-2007-6416 · Digium · Asterisk
Published
2007-10-12
·
Updated
2018-10-15
·
CVE-2007-5358
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Asterisk versions 1.4.x through 1.4.12
Description:
The issue is related to multiple buffer overflows in the voicemail functionality when using IMAP storage. This could allow remote attackers to execute arbitrary code via a long combination of
Content-type and Content-description headers. Additionally, local users might be able to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields, provided they have write access to Asterisk configuration files.Recommendations:
For Asterisk versions 1.4.x through 1.4.12, update to version 1.4.13 or later to resolve the issue.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asterisk