Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2005-3559
Last Modified: 07 Mar 2011 09:26:46
Published: 16 Nov 2005 02:42:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-3559

Summary

Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.

Vulnerable Systems

Application

  • Digium Asterisk 0.1.0

  • Digium Asterisk 0.1.1

  • Digium Asterisk 0.1.10

  • Digium Asterisk 0.1.11

  • Digium Asterisk 0.1.12

  • Digium Asterisk 0.1.2

  • Digium Asterisk 0.1.3

  • Digium Asterisk 0.1.4

  • Digium Asterisk 0.1.5

  • Digium Asterisk 0.1.6

  • Digium Asterisk 0.1.7

  • Digium Asterisk 0.1.8

  • Digium Asterisk 0.1.9

  • Digium Asterisk 0.2.0

  • Digium Asterisk 0.3.0

  • Digium Asterisk 0.4.0

  • Digium Asterisk 0.5.0

  • Digium Asterisk 0.7.0

  • Digium Asterisk 0.7.1

  • Digium Asterisk 0.7.2

  • Digium Asterisk 1.0 Rc1

  • Digium Asterisk 1.0 Rc2

  • Digium Asterisk 1.0.0

  • Digium Asterisk 1.0.1

  • Digium Asterisk 1.0.2

  • Digium Asterisk 1.0.3

  • Digium Asterisk 1.0.4

  • Digium Asterisk 1.0.5

  • Digium Asterisk 1.0.6

  • Digium Asterisk 1.0.7

  • Digium Asterisk 1.0.8

  • Digium Asterisk 1.0.9

  • Digium Asterisk 1.2.0 Beta1


References

XF - asterisk-vmail-obtain-information(23002)

VUPEN - ADV-2005-2346

BID - 15336

BUGTRAQ - 20051107 Asterisk vmail.cgi vulnerability

DEBIAN - DSA-1048

MISC - http://www.assurance.com.au/advisories/200511-asterisk.txt

SECTRACK - 1015164

SECUNIA - 19872

SECUNIA - 17459

OSVDB - 20577


Last Updated: 27 May 2016 10:40:58