Asterisk vulnerability, Buffer overflows in voicemail when using IMAP storage
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a vulnerable system.
The vulnerability is caused by a boundary error within the IMAP-specific code for processing voicemail messages. This can be exploited to cause a buffer overflow via a specially crafted voicemail message sent as email containing an overly long (more than 1024 characters) combination of Content-Type or Content-Description headers.
Successful exploitation requires that a user listens to the voicemail message via a phone. The vulnerability is reported in 1.4.x versions prior to 1.4.13.
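An added illustration, not Asterisk's code and not taken from either report: a C sketch of the bounded handling this class of bug calls for, assuming the two header values are formatted into one fixed 1024-byte buffer. The helper name `join_mime_headers`, the "; " separator and the sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define HDR_BUF_LEN 1024  /* limit taken from the advisory text */

/* Hypothetical helper, not Asterisk's code: joins the two header values into
 * a caller-supplied fixed buffer. Returns 0 on success, -1 if an input is
 * missing or the result would not fit (dst is then left as an empty string). */
static int join_mime_headers(char *dst, size_t dst_len,
                             const char *content_type,
                             const char *content_desc)
{
    int n;

    if (!dst || dst_len == 0)
        return -1;
    dst[0] = '\0';
    if (!content_type || !content_desc)
        return -1;
    /* snprintf never writes more than dst_len bytes and returns the
     * length the complete string would have needed. */
    n = snprintf(dst, dst_len, "%s; %s", content_type, content_desc);
    if (n < 0 || (size_t)n >= dst_len) {
        dst[0] = '\0';   /* reject instead of silently truncating */
        return -1;
    }
    return 0;
}

/* Constructed sample input: a description of desc_len 'A' characters
 * paired with a fixed 11-character content type. */
static int check_with_description_length(size_t desc_len)
{
    char out[HDR_BUF_LEN];
    char desc[4096];

    if (desc_len >= sizeof(desc))
        return -1;
    memset(desc, 'A', desc_len);
    desc[desc_len] = '\0';
    return join_mime_headers(out, sizeof(out), "audio/x-wav", desc);
}

int main(void)
{
    printf("40-char description:   %d\n", check_with_description_length(40));
    printf("2000-char description: %d\n", check_with_description_length(2000));
    return 0;
}
```

The length check compares against the destination size passed by the caller, so the same helper stays correct if the buffer size changes.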
Secunia Report
Asterisk Report and Solution