Bug#315532: asterisk: Buffer overflow in command line parser
Moritz Muehlenhoff <firstname.lastname@example.org>, email@example.com
Thu, 23 Jun 2005 11:38:17 +0200
Justification: user security hole
An exploitable security problem has been found in Asterisk by Wade
| There is a programming error in the function that parses commands in the
| Asterisk system. This is used by the manager interface if the user is
| allowed to submit CLI commands. The coding error can result in the
| overflow of one of the parameters of the calling function. That is, the
| command parsing function will return without error. However, the calling
| function will cause a segmentation fault.
| If the command string is specifically crafted, is it possible to use
| this stack overflow to execute arbitrary code on the Asterisk system.
| The resulting execution is (typically) run with root privileges.
| A command consisting of a recurring string of two double quotes followed
| by a tab character will induce the segmentation fault within a Call
| Manager thread.
The full advisory can found at
Version 1.0.8 fixes this issue.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)