Bug#394025: Remote compromise
Metlstorm
metlstorm at storm.net.nz
Wed Oct 18 22:49:55 UTC 2006
Package: asterisk
Version: 1.0.7.dfsg.1-2sarge3
Severity: Critical
Tags: Security
Asterisk 1.0 and 1.2 versions up to and including 1.2.12.1 and 1.0.11 are
vulnerable to a remote, unauthenticated heap overflow leading to arbitrary
code execution as root.
New upstream releases 1.0.12 and 1.2.13 provide patches for this problem.
No public exploit is currently known, but private proof-of-concept took
less than a day.
More information is available in the security advisory from
Security-Assessment, at http://www.security-assessment.com, or
http://www.storm.net.nz/projects/18
---
Adam Boileau / Metlstorm