Message-ID: <OpenPKG-SA-2006.024@openpkg.org>
Date: Thu, 19 Oct 2006 07:55:37 +0200
From: OpenPKG <openpkg@...npkg.org>
To: bugtraq@...urityfocus.com
Subject: [OpenPKG-SA-2006.024] OpenPKG Security Advisory (asterisk)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory                                   OpenPKG GmbH
http://www.openpkg.org/security/                      http://openpkg.com
OpenPKG-SA-2006.024                                           2006-10-19
________________________________________________________________________

Package:          asterisk
Vulnerability:    arbitrary code execution
OpenPKG Specific: no

Affected Series:  Affected Packages:              Corrected Packages:
1.0-ENTERPRISE    n.a.                            >= asterisk-1.2.13-E1.0.0
2-STABLE-20061018 <= asterisk-1.2.12.1-2.20061018 >= asterisk-1.2.13-2.20061019
2-STABLE          <= asterisk-1.2.12.1-2.20061018 >= asterisk-1.2.13-2.20061019
CURRENT           <= asterisk-1.2.12.1-20061015   >= asterisk-1.2.13-20061019

Description:
  According to a vendor security advisory [1], a vulnerability exists
  in the Asterisk Private Branch Exchange (PBX) software [2]. This
  vulnerability would enable an attacker to remotely execute code as
  the user Asterisk is running under. The "skinny.conf" file does not
  need to contain any valid phone entries; it is enough that the
  "chan_skinny" module is loaded and operational (which is not the
  case in OpenPKG's default Asterisk configuration).
________________________________________________________________________

References:
  [1] http://www.asterisk.org/node/109 
  [2] http://www.asterisk.org/
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@...npkg.org>" (ID 63C4CB9F) which
you can retrieve from http://www.openpkg.org/openpkg.pgp. Follow the
instructions on http://www.openpkg.org/security/signatures/ for details
on how to verify the integrity of this advisory.
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@...npkg.org>

iD8DBQFFNxMegHWT4GPEy58RAq4GAJ9UrzIf9MT5cUztLrTMzr8/759m7QCgiGgh
aNXXEjaQmUni8srlm2GgzmI=
=JoD6
-----END PGP SIGNATURE-----
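
The following triage check is an added example, not part of the signed advisory or of OpenPKG's tooling. It combines the two conditions the advisory gives: an upstream version below 1.2.13 and a loaded "chan_skinny" module. The modules.conf semantics (autoload, load =>, noload =>), the function names and the sample inputs are assumptions; a missing autoload key is treated as "yes" so the check errs towards reporting exposure.

```python
import re

FIXED = (1, 2, 13)          # first corrected upstream version in the advisory's table
MODULE = "chan_skinny.so"   # assumed on-disk name of the chan_skinny module

def upstream_version(pkg):
    """'asterisk-1.2.12.1-2.20061018' -> (1, 2, 12, 1); the release suffix is ignored."""
    m = re.match(r"asterisk-(\d+(?:\.\d+)*)", pkg)
    if not m:
        raise ValueError("not an asterisk package name: %r" % pkg)
    return tuple(int(p) for p in m.group(1).split("."))

def skinny_would_load(modules_conf):
    """Assumed semantics: with autoload=yes every module loads unless listed as
    'noload => name'; with autoload=no only 'load => name' entries load."""
    autoload, load, noload, in_modules = True, set(), set(), False
    for raw in modules_conf.splitlines():
        line = raw.split(";", 1)[0].strip()        # ';' starts a comment
        if line.startswith("["):
            in_modules = line.lower().startswith("[modules]")
        m = re.match(r"(\w+)\s*=>?\s*(\S+)", line)
        if not in_modules or not m:
            continue
        key, val = m.group(1).lower(), m.group(2)
        if key == "autoload":
            autoload = val.lower() in ("yes", "true", "on", "1")
        elif key == "load":
            load.add(val)
        elif key == "noload":
            noload.add(val)
    if MODULE in noload:
        return False
    return autoload or MODULE in load

def triage(pkg, modules_conf):
    """EXPOSED: affected version with chan_skinny loaded. UPGRADE: affected
    version, module not loaded. OK: corrected version."""
    if upstream_version(pkg) >= FIXED:
        return "OK"
    return "EXPOSED" if skinny_would_load(modules_conf) else "UPGRADE"

if __name__ == "__main__":
    # Constructed sample input, not taken from a real system.
    sample = "[modules]\nautoload=yes\nnoload => chan_skinny.so ; not needed\n"
    print(triage("asterisk-1.2.12.1-2.20061018", sample))
```

A result of UPGRADE still means the vulnerable code is installed; disabling the module only removes the condition the advisory names until the corrected package is in place.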
