Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2021

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-2021
Last Modified 07 Mar 2011 09:34:48
Published 25 Apr 2006 04:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2021

Summary

Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface (ARI) web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the recording parameter. NOTE: this issue can also be used to determine existence of files.

Vulnerable Systems

Application

  • Asteriskathome 2.6


References

BID - 17641

SECUNIA - 19744

VUPEN - ADV-2006-1457

MISC - http://www.securiweb.net/wiki/Ressources/AvisDeSecurite/2006.1

BUGTRAQ - 20060421 [SecuriWeb 2006.1] directory traversal in Asterisk@Home and ARI

XF - asterisk-audio-directory-traversal(25996)

OSVDB - 24806

SREASON - 750


Last Updated: 27 May 2016 10:42:18