Monday, October 15, 2007

Asterisk vulnerability, Buffer overflows in voicemail when using IMAP storage

A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a vulnerable system.

The vulnerability is caused by a boundary error within the IMAP-specific code for processing voicemail messages. This can be exploited to cause a buffer overflow via a specially crafted voicemail message, sent as email, containing an overly long (more than 1024 characters) combination of Content-Type or Content-Description headers.
Successful exploitation requires that a user listens to the voicemail message via a phone. The vulnerability is reported in 1.4.x versions prior to 1.4.13.
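
An added example, not part of the original advisory or of Asterisk's code: a check that flags stored voicemail e-mails matching the header condition described above, useful for screening an IMAP voicemail store until the upgrade to 1.4.13 is in place. Summing the raw Content-Type and Content-Description values per MIME part is an assumed reading of the advisory's wording; the function names and the sample message are constructed for illustration.

```python
import email
from email.message import Message

LIMIT = 1024  # threshold quoted in the advisory text
HEADERS = ("Content-Type", "Content-Description")


def header_load(part: Message) -> int:
    """Combined raw length of the two headers on one MIME part (assumed metric)."""
    total = 0
    for name in HEADERS:
        for value in part.get_all(name, []):
            total += len(str(value))
    return total


def suspicious_parts(raw: bytes, limit: int = LIMIT):
    """Return (part_index, combined_length) for every MIME part over the limit."""
    msg = email.message_from_bytes(raw)
    hits = []
    # walk() yields the top-level message first, then each nested part in order.
    for index, part in enumerate(msg.walk()):
        load = header_load(part)
        if load > limit:
            hits.append((index, load))
    return hits


def build_sample(description: str) -> bytes:
    """Constructed voicemail-style message; not captured traffic."""
    return (
        "From: pbx@example.invalid\r\n"
        "Subject: New message in mailbox 1000\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n'
        "\r\n"
        "--b1\r\n"
        "Content-Type: text/plain\r\n"
        "\r\n"
        "You have a new voicemail.\r\n"
        "--b1\r\n"
        'Content-Type: audio/x-wav; name="msg0000.wav"\r\n'
        f"Content-Description: {description}\r\n"
        "Content-Transfer-Encoding: base64\r\n"
        "\r\n"
        "UklGRg==\r\n"
        "--b1--\r\n"
    ).encode("ascii")


if __name__ == "__main__":
    for label, desc in (("normal", "Voicemail sound attachment"), ("oversized", "A" * 1100)):
        print(label, suspicious_parts(build_sample(desc)))
```

A hit identifies the message and part to quarantine before anyone plays it back from a phone, since playback is the step the advisory says triggers the overflow.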

Secunia Report
Asterisk Report and Solution

