FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- remote heap overwrite vulnerability

Affected packages
asterisk < 1.2.13
asterisk-bristuff < 1.2.13

Details

VuXML ID 1c0def84-5fb1-11db-b2e9-0008c79fa3d2
Discovery 2006-10-17
Entry 2006-10-20

Adam Boileau of Security-Assessment.com reports:

The Asterisk Skinny channel driver for Cisco SCCP phones (chan_skinny.so) incorrectly validates a length value in the packet header. An integer wrap-around leads to heap overwrite, and arbitrary remote code execution as root.

References

Message 4536A2F2.2020902@security-assessment.com
URL http://www.security-assessment.com/files/advisories/Asterisk_remote_heap_overflow.pdf
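
The class of bug described in the report, a length check that can be defeated by integer wrap-around, is illustrated below next to a check that cannot wrap. This is an added example, not code from Asterisk or from the advisory; the buffer size, the 8-byte header allowance, the little-endian length field and all function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define INBUF_SIZE 1000u /* assumed size of the receive buffer */
#define HDR_EXTRA 8u     /* assumed header bytes stored besides the payload */

/* Flawed check: the sum is computed in 32-bit arithmetic, so a length
 * close to UINT32_MAX wraps to a small number and is accepted. */
static int length_ok_flawed(uint32_t dlen)
{
    return dlen + HDR_EXTRA <= INBUF_SIZE;
}

/* Hardened check: no arithmetic on the untrusted value; it is compared
 * with the space that is actually left in the buffer. */
static int length_ok(uint32_t dlen)
{
    return dlen <= INBUF_SIZE - HDR_EXTRA;
}

/* Decode the 4-byte little-endian length field (assumed layout). */
static uint32_t read_le32(const uint8_t *p)
{
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copy the payload of one frame into inbuf. Returns the payload length,
 * or -1 if the declared length does not fit the buffer or the input. */
static long parse_frame(const uint8_t *pkt, size_t pkt_len,
                        uint8_t inbuf[INBUF_SIZE])
{
    if (pkt_len < 4)
        return -1;
    uint32_t dlen = read_le32(pkt);
    if (!length_ok(dlen) || dlen > pkt_len - 4)
        return -1;
    memcpy(inbuf + HDR_EXTRA, pkt + 4, dlen);
    return (long)dlen;
}

int main(void)
{
    uint8_t inbuf[INBUF_SIZE];
    const uint8_t bad[] = {0xfc, 0xff, 0xff, 0xff, 'A'}; /* constructed */
    printf("flawed accepts: %d, hardened result: %ld\n",
           length_ok_flawed(0xfffffffcu), parse_frame(bad, sizeof bad, inbuf));
    return 0;
}
```

The hardened parser also rejects a declared length larger than the bytes actually received, so a frame is never copied past the end of its input.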