-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory                                   OpenPKG GmbH
http://www.openpkg.org/security/                      http://openpkg.com
OpenPKG-SA-2006.024                                           2006-10-19
________________________________________________________________________

Package:             asterisk
Vulnerability:       arbitrary code execution
OpenPKG Specific:    no

Affected Series:     Affected Packages:               Corrected Packages:
1.0-ENTERPRISE       n.a.                             >= asterisk-1.2.13-E1.0.0
2-STABLE-20061018    <= asterisk-1.2.12.1-2.20061018  >= asterisk-1.2.13-2.20061019
2-STABLE             <= asterisk-1.2.12.1-2.20061018  >= asterisk-1.2.13-2.20061019
CURRENT              <= asterisk-1.2.12.1-20061015    >= asterisk-1.2.13-20061019

Description:
  According to a vendor security advisory [1], a vulnerability exists
  in the Asterisk Private Branch Exchange (PBX) software [2]. This
  vulnerability would enable an attacker to remotely execute code as
  the user Asterisk is running under. It is not required that the
  "skinny.conf" file contains any valid phone entries, only that the
  "chan_skinny" module is loaded and operational (but which is not the
  default in OpenPKG's default Asterisk configuration).
________________________________________________________________________

References:
  [1] http://www.asterisk.org/node/109
  [2] http://www.asterisk.org/
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@xxxxxxxxxxx>" (ID 63C4CB9F) which
you can retrieve from http://www.openpkg.org/openpkg.pgp. Follow the
instructions on http://www.openpkg.org/security/signatures/ for details
on how to verify the integrity of this advisory.
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@xxxxxxxxxxx>

iD8DBQFFNxMegHWT4GPEy58RAq4GAJ9UrzIf9MT5cUztLrTMzr8/759m7QCgiGgh
aNXXEjaQmUni8srlm2GgzmI=
=JoD6
-----END PGP SIGNATURE-----