|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[sec-adv] Asterisk SIP Request Buffer Overflow Vulnerability
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Fri Sep 05 2003 - 06:31:54 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Asterisk SIP Request Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA9674
VERIFY ADVISORY:
http://www.secunia.com/advisories/9674/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
Asterisk
DESCRIPTION:
A vulnerability has been reported in Asterisk, which can be exploited
by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in the SIP
(Session Initiation Protocol) implementation when handling certain
SIP requests. This can be exploited by sending a specially crafted
SIP request, which causes a buffer overflow.
Successful exploitation doesn't requires prior authentication and may
allow execution of arbitrary code with "root" privileges.
SOLUTION:
The vendor issued an updated CVS version on 15th of August 2003.
http://www.asterisk.org/
REPORTED BY / CREDITS:
Ollie Whitehouse, Graham Murphy, and Stephen Kapp from stake.
ORIGINAL ADVISORY:
http://www.atstake.com/research/advisories/2003/a090403-1.txt
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]