Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.8
CVE Id: CVE-2008-1333
Last Modified: 07 Mar 2011 10:06:43
Published: 19 Mar 2008 08:44:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-1333

Summary

Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by (1) the ast_verbose logging API call, or (2) the astman_append function.

Vulnerable Systems

Application

  • Asterisk Open Source 1.6.0 Beta1

  • Asterisk Open Source 1.6.0 Beta2

  • Asterisk Open Source 1.6.0 Beta3

  • Asterisk Open Source 1.6.0 Beta4

  • Asterisk Open Source 1.6.0 Beta5


References

CONFIRM - http://downloads.digium.com/pub/security/AST-2008-004.html

VUPEN - ADV-2008-0928

XF - asterisk-astverbose-dos(41301)

BID - 28311

BUGTRAQ - 20080318 AST-2008-004: Format String Vulnerability in Logger and Manager

DEBIAN - DSA-1525

CONFIRM - http://www.asterisk.org/node/48466

SECTRACK - 1019630

SECUNIA - 29456

SECUNIA - 29426


Last Updated: 27 May 2016 10:47:06