Bug#315532: Asterisk Manager Interface Overflow

Santiago José Ruano Rincón santiago at unicauca.edu.co
Tue Aug 2 04:59:33 UTC 2005


On Sun, 31-07-2005 at 16:02 -0700, Steve Langasek wrote:
> On Sun, Jul 31, 2005 at 10:48:48PM +0100, Mark Purcell wrote:
> > Bug #315532 has been raised as a grave security-related bug against 
> > asterisk-1.0.7, which is included in the released sarge.
> 
> > It refers to a potential overflow in the Asterisk Manager Interface, which is 
> > not enabled by default in the Debian asterisk package.  In addition the 
> > Debian asterisk package is not run as root as upstream, but rather as the 
> > user asterisk with limited privs.
> 
> An exploit that results in escalated, non-root privileges is a grave bug (as
> opposed to a root escalation bug, which is critical).
> 
> > It has been pointed out that a user of the manager interface can execute 
> > arbitrary commands anyway, so the potential for additional privs is again 
> > limited even in the case that the manager interface is enabled and exploited.
> 
> But a *limited* potential for privilege escalation is still a potential for
> privilege escalation.  If this bug can lead to privilege escalation in a
> normal use case for the package, then this ought to be treated as a security
> bug.
> 
> > My query is: does this warrant a release from the security team of the 
> > relevant asterisk package?  The patch is included against the bug report.
> 
> If the patch is included in the bug report, why would we *not* want the
> security team to issue a DSA for it?
> 

I agree; I don't see a reason why the security team shouldn't take care of
this.

regards,

-- 
Santiago Ruano Rincón
Grupo GNU/Linux de la Universidad del Cauca

GPG key fingerprint: 
3821 4FB5 774A 611D 31E4  B268 414B 8423 6FEC CDE0