-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mu Security ( http://www.musecurity.com/ ) posted details of multiple vulnerabilities in Asterisk which have been fixed in the latest version.

You can find more information at the Daily Asterisk News Site: http://www.sineapps.com/news.php?rssid=1448

Excerpt from their release:

Vulnerability Details:

A remote stack buffer overflow condition in Asterisk's MGCP implementation could allow for arbitrary code execution. The vulnerable code is triggered with the use of a malformed AUEP (audit endpoint) response message.

A second issue exists in the handling of file names sent to the Record() application which could lead to arbitrary code execution via a format string attack or arbitrary file-overwrite via directory traversal techniques. The impact of this vulnerability is minimal, however, as it requires an administrator to use a client-controlled variable as part of the filename.

Solution:

Mu Security would like to thank the Asterisk security team for their timely response to these issues.

A patch for the buffer overflow is available from the following link: http://ftp.digium.com/pub/asterisk/asterisk-1.2.11-patch.gz

To protect against the Record() vulnerability, do not use user-controlled variables ( eg, ${CALLERIDNAME} ) as part of the filename argument.

- --
Cheers,

Matt Riddell
_______________________________________________
http://www.sineapps.com/news.php (Daily Asterisk News - html)
http://freevoip.gedameurope.com (Free Asterisk Voip Community)
http://www.sineapps.com/rssfeed.php (Daily Asterisk News - rss)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE7r9lS6d5vy0jeVcRAlygAJ4z0KuRJBw69O3BDGtTHs1b6ySYewCfYvF2
CzwW/aFSqOwNVtDN+OkTJ7I=
=iXz6
-----END PGP SIGNATURE-----
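The two bug classes named in the excerpt (an unbounded copy into a fixed-size stack buffer while parsing a protocol response, and a caller-controlled string reaching a printf-style format or a filesystem path) are shown below in an added, self-contained C example. It is not Asterisk or Mu Security code and does not reproduce the actual vulnerable Asterisk functions; the names `copy_bounded`, `parse_audit_line`, `safe_record_name`, `record_path_vulnerable` and `record_path_safe`, the "Key: value" line shape and the base directory are all hypothetical. The vulnerable variant is kept only for contrast and is never fed hostile input here.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not project code. All names are hypothetical. */

#define PATH_BUF 4096

/* Bug class 1: copying a message field into a fixed-size buffer without a
 * length check. This bounded copy refuses oversized input instead of
 * overrunning dst. Returns 0 on success, -1 if src does not fit. */
int copy_bounded(char *dst, size_t dstlen, const char *src)
{
    size_t n = strlen(src);
    if (n >= dstlen)
        return -1;              /* reject; never truncate silently */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Hypothetical parser for one "Key: value" line of an audit-style
 * response. The value lands in a caller-supplied bounded buffer, so a
 * malformed (overlong) line cannot smash the stack frame of the caller. */
int parse_audit_line(const char *line, const char *key, char *val, size_t vallen)
{
    size_t klen = strlen(key);
    if (strncmp(line, key, klen) != 0 || line[klen] != ':')
        return -1;
    const char *p = line + klen + 1;
    while (*p == ' ')
        p++;
    return copy_bounded(val, vallen, p);
}

/* Bug class 2: a caller-controlled name embedded in a recording filename.
 * Accept only short printable ASCII with no path separators, no "..",
 * and no '%' (so it can never act as a format directive). 1 = safe. */
int safe_record_name(const char *name)
{
    if (!name || !*name || strlen(name) > 64)
        return 0;
    if (strstr(name, "..") != NULL)
        return 0;
    for (const char *p = name; *p; p++) {
        if (*p == '/' || *p == '\\' || *p == '%' || *p < 0x20 || *p > 0x7e)
            return 0;
    }
    return 1;
}

/* Vulnerable pattern (illustration only): the assembled path is passed as
 * the FORMAT argument, so '%' sequences in name are interpreted, and a
 * name containing "../" escapes base. Do not call with untrusted input. */
int record_path_vulnerable(char *out, size_t outlen, const char *base, const char *name)
{
    char fmt[PATH_BUF];
    snprintf(fmt, sizeof fmt, "%s/%s.wav", base, name);
    return snprintf(out, outlen, fmt);
}

/* Hardened pattern: validate the name, then pass it as DATA ("%s"), never
 * as the format string, and fail closed if the result would be truncated.
 * Returns 0 on success, -1 on rejection. */
int record_path_safe(char *out, size_t outlen, const char *base, const char *name)
{
    if (!safe_record_name(name))
        return -1;
    int n = snprintf(out, outlen, "%s/%s.wav", base, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

int main(void)
{
    char path[256], val[16];

    /* Constructed sample inputs for the demonstration. */
    if (parse_audit_line("I: 12345", "I", val, sizeof val) == 0)
        printf("parsed value: %s\n", val);
    if (parse_audit_line("I: 0123456789abcdef", "I", val, sizeof val) != 0)
        printf("overlong value rejected\n");

    const char *base = "/var/spool/asterisk/monitor";
    if (record_path_safe(path, sizeof path, base, "alice") == 0)
        printf("safe path: %s\n", path);
    if (record_path_safe(path, sizeof path, base, "../../etc/passwd") != 0)
        printf("traversal rejected\n");
    if (record_path_safe(path, sizeof path, base, "%n%n%n") != 0)
        printf("format directive rejected\n");
    return 0;
}
```

The practical lesson matches the advisory's mitigation: a dialplan value such as ${CALLERIDNAME} is attacker-chosen, so either keep it out of the filename entirely or pass it through a whitelist check like `safe_record_name` before it reaches any path or format-string position.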