security issues with asterisk 1.2.10
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Fri Aug 25 09:50:54 UTC 2006
Hi
I'm trying to figure out
http://labs.musecurity.com/advisories/MU-200608-01.txt
There are two issues here:
1. An issues in the MGCP channel. As I have not examined it, I must
assume that it also affects the version in Sage until proven otherwise.
This is also remotely exploitable. Note that most people don't use mgcp,
and the MGCP channel of Asterisk is partially broken. I'm not sure if by
with a default configuration the MGCP channel will manage to bind on a
port at all.
2. A format string issue with Record(). Probably in Sarge as well. Not
in the default configuration.
--
Tzafrir Cohen sip:tzafrir at local.xorcom.com
icq#16849755 iax:tzafrir at local.xorcom.com
+972-50-7952406 jabber:tzafrir at jabber.org
tzafrir.cohen at xorcom.com http://www.xorcom.com
More information about the Pkg-voip-maintainers
mailing list