CVE-2005-3559
CVSS 5.0
Published: 2005-11-16 02:42:00
Revised: 2011-03-07 21:26:46

[Original] Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.


[CNNVD] Asterisk vmail.cgi Directory Traversal Vulnerability (CNNVD-200511-177)

        Asterisk is an open-source PBX that runs on Linux and carries IP telephony over SIP, IAX and H.323.
        In Asterisk 1.0.9 through 1.2.0-beta1, vmail.cgi does not sanitise the folder parameter, so a remote attacker can place ".." in it and retrieve WAV files outside the intended voicemail folder. The proof-of-concept quoted further down this page authenticates to the attacker's own mailbox (200) and then fetches a message from mailbox 201; OSVDB therefore describes the attacker as an authenticated user, while the NVD vector below scores authentication as NONE.

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Access complexity: LOW [no special access conditions required]
Access vector: [--]
Authentication: NONE [no authentication required to exploit]

- CPE (affected platforms and products)

cpe:/a:digium:asterisk:1.2.0_beta1
cpe:/a:digium:asterisk:0.7.2    Digium Asterisk 0.7.2
cpe:/a:digium:asterisk:1.0.7    Digium Asterisk 1.0.7
cpe:/a:digium:asterisk:1.0.1    Digium Asterisk 1.0.1
cpe:/a:digium:asterisk:0.7.0    Digium Asterisk 0.7.0
cpe:/a:digium:asterisk:1.0.9    Digium Asterisk 1.0.9
cpe:/a:digium:asterisk:0.1.5    Digium Asterisk 0.1.5
cpe:/a:digium:asterisk:0.1.7    Digium Asterisk 0.1.7
cpe:/a:digium:asterisk:1.0_rc1
cpe:/a:digium:asterisk:1.0.5    Digium Asterisk 1.0.5
cpe:/a:digium:asterisk:0.4.0    Digium Asterisk 0.4.0
cpe:/a:digium:asterisk:1.0_rc2
cpe:/a:digium:asterisk:1.0.2    Digium Asterisk 1.0.2
cpe:/a:digium:asterisk:0.1.4    Digium Asterisk 0.1.4
cpe:/a:digium:asterisk:0.1.9    Digium Asterisk 0.1.9
cpe:/a:digium:asterisk:0.1.2    Digium Asterisk 0.1.2
cpe:/a:digium:asterisk:0.1.0    Digium Asterisk 0.1.0
cpe:/a:digium:asterisk:0.1.8    Digium Asterisk 0.1.8
cpe:/a:digium:asterisk:0.7.1    Digium Asterisk 0.7.1
cpe:/a:digium:asterisk:1.0.8    Digium Asterisk 1.0.8
cpe:/a:digium:asterisk:0.1.12   Digium Asterisk 0.1.12
cpe:/a:digium:asterisk:0.3.0    Digium Asterisk 0.3.0
cpe:/a:digium:asterisk:1.0.0    Digium Asterisk 1.0.0
cpe:/a:digium:asterisk:1.0.6    Digium Asterisk 1.0.6
cpe:/a:digium:asterisk:0.1.3    Digium Asterisk 0.1.3
cpe:/a:digium:asterisk:0.1.10   Digium Asterisk 0.1.10
cpe:/a:digium:asterisk:0.5.0    Digium Asterisk 0.5.0
cpe:/a:digium:asterisk:1.0.3    Digium Asterisk 1.0.3
cpe:/a:digium:asterisk:0.1.11   Digium Asterisk 0.1.11
cpe:/a:digium:asterisk:0.2.0    Digium Asterisk 0.2.0
cpe:/a:digium:asterisk:1.0.4    Digium Asterisk 1.0.4
cpe:/a:digium:asterisk:0.1.6    Digium Asterisk 0.1.6
cpe:/a:digium:asterisk:0.1.1    Digium Asterisk 0.1.1

- OVAL (technical details for detection)

No matching OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3559
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3559
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200511-177
(official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/23002
(UNKNOWN)  XF  asterisk-vmail-obtain-information(23002)
http://www.vupen.com/english/advisories/2005/2346
(UNKNOWN)  VUPEN  ADV-2005-2346
http://www.securityfocus.com/bid/15336
(UNKNOWN)  BID  15336
http://www.securityfocus.com/archive/1/archive/1/415990/30/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20051107 Asterisk vmail.cgi vulnerability
http://www.debian.org/security/2006/dsa-1048
(UNKNOWN)  DEBIAN  DSA-1048
http://www.assurance.com.au/advisories/200511-asterisk.txt
(VENDOR_ADVISORY)  MISC  http://www.assurance.com.au/advisories/200511-asterisk.txt
http://securitytracker.com/id?1015164
(UNKNOWN)  SECTRACK  1015164
http://secunia.com/advisories/19872
(UNKNOWN)  SECUNIA  19872
http://secunia.com/advisories/17459
(VENDOR_ADVISORY)  SECUNIA  17459
http://osvdb.org/20577
(UNKNOWN)  OSVDB  20577

- Vulnerability information (CNNVD)

Asterisk vmail.cgi Directory Traversal Vulnerability
Severity: Medium    Type: Path traversal
Published: 2005-11-16 00:00:00    Updated: 2006-08-23 00:00:00
Attack vector: Remote
        Asterisk is an open-source PBX that runs on Linux and carries IP telephony over SIP, IAX and H.323.
        In Asterisk 1.0.9 through 1.2.0-beta1, vmail.cgi does not sanitise the folder parameter, so a remote attacker can place ".." in it and retrieve WAV files outside the intended voicemail folder.

- Advisories and patches

        The vendor has released an upgrade that fixes this issue; download it from the vendor's homepage:
        http://www.asterisk.org/

- Vulnerability information (PacketStorm F45968)

Debian Linux Security Advisory 1048-1 (PacketStormID:F45968)
2006-05-01 00:00:00
Debian  debian.org
advisory,overflow,arbitrary,telephony
linux,debian
CVE-2005-3559,CVE-2006-1827

Debian Security Advisory 1048-1 - Several problems have been discovered in Asterisk, an Open Source Private Branch Exchange (telephone control center). Adam Pointon discovered that due to missing input sanitizing it is possible to retrieve recorded phone messages for a different extension. Emmanouel Kellinis discovered an integer signedness error that could trigger a buffer overflow and hence allow the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1048-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
May 1st, 2006                           http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : asterisk
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-3559 CVE-2006-1827
BugTraq ID     : 15336
Debian Bug     : 338116

Several problems have been discovered in Asterisk, an Open Source
Private Branch Exchange (telephone control center).  The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2005-3559

    Adam Pointon discovered that due to missing input sanitising it is
    possible to retrieve recorded phone messages for a different
    extension.

CVE-2006-1827

    Emmanouel Kellinis discovered an integer signedness error that
    could trigger a buffer overflow and hence allow the execution of
    arbitrary code.

For the old stable distribution (woody) this problem has been fixed in
version 0.1.11-3woody1.

For the stable distribution (sarge) this problem has been fixed in
version 1.0.7.dfsg.1-2sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 1.2.7.1.dfsg-1.

We recommend that you upgrade your asterisk package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1.dsc
      Size/MD5 checksum:      664 373ab7aabc288579558c4f89f5afa6c9
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1.diff.gz
      Size/MD5 checksum:     7105 0147328df3620d3a2cd4604817518c6f
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11.orig.tar.gz
      Size/MD5 checksum:  1094520 799022997d32f9f63ee47db4f3069cc7

  Alpha architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_alpha.deb
      Size/MD5 checksum:  1102026 614622fa8f8c1d528834c62b066e9502

  ARM architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_arm.deb
      Size/MD5 checksum:  1007528 7a764a742b9563ca733ac9d593b9f2ba

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_i386.deb
      Size/MD5 checksum:   966436 aca1c73b82bab36013ec4facae76c62f

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_ia64.deb
      Size/MD5 checksum:  1221462 b61d30160a3ee4192a1e1bca0cfced47

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_hppa.deb
      Size/MD5 checksum:  1097966 82456597bb249cf1a0e92e7321537dd9

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_m68k.deb
      Size/MD5 checksum:   967110 7e991ae768bdffb90338001e4384e27a

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_mipsel.deb
      Size/MD5 checksum:   988628 252c7fcd9903a4c8e99842619a2e3bed

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_powerpc.deb
      Size/MD5 checksum:  1018210 6bcdbe5da063b50f7900f46d2f679c1c

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_s390.deb
      Size/MD5 checksum:   993864 eb1e66f13d2615a90b167ffbb68e1501

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_sparc.deb
      Size/MD5 checksum:  1073510 5cd2731fbb6afb3b8a3c4cc3e5c887df


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2.dsc
      Size/MD5 checksum:     1261 e99dfbd0308ea3f26a29ce17fe30d755
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2.diff.gz
      Size/MD5 checksum:    69531 8d64de4a35a37614e37770e49229cc8e
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1.orig.tar.gz
      Size/MD5 checksum:  2929488 0d0f718ccd7a06ab998c3f637df294c0

  Architecture independent components:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-config_1.0.7.dfsg.1-2sarge2_all.deb
      Size/MD5 checksum:    61454 756d8457fec2dfc73e93d4885ad99632
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dev_1.0.7.dfsg.1-2sarge2_all.deb
      Size/MD5 checksum:    83242 aede47f1e3cb5fb4b092ec106f155503
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-doc_1.0.7.dfsg.1-2sarge2_all.deb
      Size/MD5 checksum:  1577520 52edf9d30e42e5f43edb417a48279bc4
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-sounds-main_1.0.7.dfsg.1-2sarge2_all.deb
      Size/MD5 checksum:  1179972 ba1498fb09ce854e91c363697e5f56c5
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-web-vmail_1.0.7.dfsg.1-2sarge2_all.deb
      Size/MD5 checksum:    28236 29cee78488bd0292e469b02f557f325a

  Alpha architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_alpha.deb
      Size/MD5 checksum:  1477470 4b27fd45bf591a45c1df219e7427fb3f
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_alpha.deb
      Size/MD5 checksum:    31268 fbd1f14dbece0fa6c35020d28cf5fc19
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_alpha.deb
      Size/MD5 checksum:    21294 b2c38dc8fab098ba42b9a2b9df53365a

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_amd64.deb
      Size/MD5 checksum:  1333126 97cf9b0f02ca85a0f3988a419d74d101
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_amd64.deb
      Size/MD5 checksum:    30694 3da16a12852ccde9c25fd06d20ddf165
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_amd64.deb
      Size/MD5 checksum:    21298 7fdce0bf81003472019fc238c97039a6

  ARM architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_arm.deb
      Size/MD5 checksum:  1262564 a662f0c5b745b84c77821529a5b95c74
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_arm.deb
      Size/MD5 checksum:    29408 4b2371af11e31fe17f3b1ce428009c71
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_arm.deb
      Size/MD5 checksum:    21294 5695bb2ba51ba159f75186ead3aeadd8

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_i386.deb
      Size/MD5 checksum:  1175100 057c97258c30084249ed87a8e67e34fe
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_i386.deb
      Size/MD5 checksum:    29722 21b28111a92b3054727af9cdf7ca40db
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_i386.deb
      Size/MD5 checksum:    21292 7ae9ba55b0ab039f3a0183aa4805af7c

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_ia64.deb
      Size/MD5 checksum:  1771018 9a595b393cb2e6f68f27d964e3f7a11a
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_ia64.deb
      Size/MD5 checksum:    32826 6922be80b649d6ad44081f6bccc512c9
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_ia64.deb
      Size/MD5 checksum:    21292 bdcf965b876781e1b6aa3b185e9443f6

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_hppa.deb
      Size/MD5 checksum:  1447646 38bce42679887ab40a5ac4a8e7f725d2
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_hppa.deb
      Size/MD5 checksum:    31338 447483805146ef8cf996cb3b8c3931a0
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_hppa.deb
      Size/MD5 checksum:    21296 7224f123df44bb817ac4f4fe8e4fc96d

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_m68k.deb
      Size/MD5 checksum:  1184568 b6814c31545c9dfa4aea857f7e527929
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_m68k.deb
      Size/MD5 checksum:    30084 f66438755ea42f48a45e1bcb977d4ed8
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_m68k.deb
      Size/MD5 checksum:    21302 a29dc084d1a5a3cc9547f610d5f07ace

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_mips.deb
      Size/MD5 checksum:  1263690 bcda258393f2672dd2dce565dd71e9d7
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_mips.deb
      Size/MD5 checksum:    29292 a0fc61357a8949cd49e52535f89280e6
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_mips.deb
      Size/MD5 checksum:    21296 b38df181f2f9689c8e71ead3cdf17af8

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_mipsel.deb
      Size/MD5 checksum:  1270114 cfcfdb5ba55a4c15c2f51cd9af0ff914
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_mipsel.deb
      Size/MD5 checksum:    29228 e0323dccf28dcb718a1b5c4c8ae1e9b7
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_mipsel.deb
      Size/MD5 checksum:    21294 a4f3b1157e61cc14f5c3820d5b38348e

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_powerpc.deb
      Size/MD5 checksum:  1421934 d29f00ef7f63141125a9d55dd8f03680
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_powerpc.deb
      Size/MD5 checksum:    31028 ae3955beb5caff9ecba95a71f1511d6f
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_powerpc.deb
      Size/MD5 checksum:    21298 0e03c0122050501ca3869a442cc43cc3

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_s390.deb
      Size/MD5 checksum:  1312360 1ce88997009285a2934c29f6109f3c58
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_s390.deb
      Size/MD5 checksum:    30714 69eac145cbdfe8764b11b0c25de86f71
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_s390.deb
      Size/MD5 checksum:    21296 778dd4c365e79f059af8a70f4a3e8af8

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_sparc.deb
      Size/MD5 checksum:  1274034 812e80e52c2d0d0e2d0e6b9e735034dd
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_sparc.deb
      Size/MD5 checksum:    29678 08e85cff017d51beb8834333090fb2f6
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_sparc.deb
      Size/MD5 checksum:    21296 eab26f52aae41a639dc7221605f5e023


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEVZCbW5ql+IAeqTIRAit4AJ9QuneK2EXDPUe3qerNNv/aFUEK1gCgiqLD
JFr8mQVws+5Lk/dB4hpSBXA=
=+AvP
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

- Vulnerability information (OSVDB 20577)

OSVDB ID: 20577
Asterisk vmail.cgi folder Variable Traversal Arbitrary .wav File Access
Location: Remote / Network Access    Attack type: Input Manipulation
Impact: Loss of Confidentiality
Exploit: Public    Vendor Verified

- Vulnerability description

Asterisk contains a flaw that allows an authenticated user to access other users' voice mail wav files. The issue is due to the vmail.cgi not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "folder" variable.
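The missing check described above, as an added illustration that is not the page's or Asterisk's own code. Asterisk's vmail.cgi is a Perl script; this Python models the same path construction before and after hardening. Assumed, not taken from the page: the spool root, the <spool>/<context>/<mailbox>/<folder>/msg<NNNN>.<format> layout, the folder and format allow-lists (the folder names mirror Asterisk's default voicemail folders), and that the caller has already authenticated to `mailbox`. The request parameters are those of the proof-of-concept URI quoted further down this page (mailbox 200 asking for folder ../201/INBOX).

```python
"""Vulnerable vs. hardened handling of the vmail.cgi 'folder' parameter.

Added illustration in Python (vmail.cgi itself is Perl; this is not its code).
Assumptions: spool root and <spool>/<context>/<mailbox>/<folder>/msg<NNNN>.<fmt>
layout, the folder/format allow-lists, and that authentication to `mailbox`
has already succeeded before these functions are reached.
"""
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

SPOOL = "/var/spool/asterisk/voicemail"                        # assumed spool root
ALLOWED_FOLDERS = {"INBOX", "Old", "Work", "Family", "Friends"}  # assumed allow-list
ALLOWED_FORMATS = {"wav", "WAV", "gsm", "wav49"}                # assumed allow-list
SIMPLE_TOKEN = re.compile(r"[A-Za-z0-9_-]+")  # no '/', no '.', hence no '..'
DIGITS = re.compile(r"[0-9]+")
REQUIRED = ("context", "mailbox", "folder", "msgid", "format")

# Proof-of-concept URI from this page: box 200 asks for box 201's INBOX.
POC_URI = ("http://www.example.org/cgi-bin/vmail.cgi?action=audio&folder=../201/INBOX"
           "&mailbox=200&context=default&password=12345&msgid=0001&format=wav")


class BadParameter(ValueError):
    """A request parameter failed validation."""


def parse_request(uri):
    """Return the single-valued query parameters of a vmail.cgi request."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(uri).query).items()}
    missing = [k for k in REQUIRED if k not in params]
    if missing:
        raise BadParameter(f"missing parameters: {', '.join(missing)}")
    return params


def vulnerable_message_path(p):
    """Pre-fix behaviour: 'folder' is spliced into the path unchecked, so
    '../201/INBOX' walks out of mailbox 200 and into mailbox 201."""
    raw = f"{SPOOL}/{p['context']}/{p['mailbox']}/{p['folder']}/msg{p['msgid']}.{p['format']}"
    return posixpath.normpath(raw)


def hardened_message_path(p):
    """Two independent controls: allow-list every component the client
    supplies, then verify the normalised path is still inside the mailbox
    the client authenticated to."""
    if p["folder"] not in ALLOWED_FOLDERS:
        raise BadParameter(f"folder {p['folder']!r} is not a known voicemail folder")
    if not SIMPLE_TOKEN.fullmatch(p["context"]):
        raise BadParameter("context must be a simple token")
    if not DIGITS.fullmatch(p["mailbox"]) or not DIGITS.fullmatch(p["msgid"]):
        raise BadParameter("mailbox and msgid must be numeric")
    if p["format"] not in ALLOWED_FORMATS:
        raise BadParameter(f"format {p['format']!r} is not permitted")

    mailbox_dir = posixpath.normpath(f"{SPOOL}/{p['context']}/{p['mailbox']}")
    path = posixpath.normpath(f"{mailbox_dir}/{p['folder']}/msg{p['msgid']}.{p['format']}")
    # Containment check as a second line of defence should the allow-list
    # ever be loosened: nothing may resolve outside the authenticated mailbox.
    if not path.startswith(mailbox_dir + "/"):
        raise BadParameter("resolved path escapes the mailbox directory")
    return path


def serve(uri, hardened):
    """Return ('ok', path) or ('reject', reason) for a request URI."""
    try:
        p = parse_request(uri)
        path = hardened_message_path(p) if hardened else vulnerable_message_path(p)
    except BadParameter as exc:
        return ("reject", str(exc))
    return ("ok", path)


if __name__ == "__main__":
    print("before fix:", serve(POC_URI, hardened=False))
    print("after fix: ", serve(POC_URI, hardened=True))
    print("legit:     ", serve(POC_URI.replace("../201/INBOX", "INBOX"), hardened=True))
```

The allow-list alone closes this bug; the containment check is there so that a later change to the folder rules (user-named folders, for instance) cannot silently reopen it.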

- Timeline

Disclosure date: 2005-11-07    Discovery date: 2005-10-17
Exploit publish date: 2005-11-07    Solution date: Unknown

- Solution

Upgrade to version 1.2.0-rc2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Vulnerability information (BID 15336)

Asterisk Voicemail Unauthorized Access Vulnerability
Class: Input Validation Error    Bugtraq ID: 15336
Remote: Yes    Local: No
Published: 2005-11-07 12:00:00    Updated: 2006-12-05 04:54:00
Adam Pointon of Assurance.com.au is credited with the discovery of this vulnerability.

- Affected versions

Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Asterisk@Home Asterisk@Home 2.0-beta4
Asterisk@Home Asterisk@Home 1.5
Asterisk Asterisk 1.2.0-beta1
Asterisk Asterisk 1.0.9
Asterisk Asterisk 1.0.8
Asterisk Asterisk 1.0.7
Asterisk Asterisk 0.9.0
Asterisk Asterisk 0.7.2
Asterisk Asterisk 0.7.1
Asterisk Asterisk 0.7.0
Asterisk Asterisk 0.4
Asterisk Asterisk 0.3
Asterisk Asterisk 0.2
Asterisk Asterisk 0.1.11
Asterisk Asterisk 0.1.9-1
Asterisk Asterisk 0.1.9
Asterisk Asterisk 0.1.8
Asterisk Asterisk 0.1.7

- Unaffected versions

Asterisk Asterisk 1.2.0-beta2

- Discussion

Asterisk is prone to an unauthorized-access vulnerability. This issue is due to a failure in the application to properly verify user-supplied input.

Successful exploitation will grant an attacker access to a victim user's voicemail and to any '.wav/.WAV' files currently on the affected system.

- Exploit

No exploit is required.

The following proof-of-concept URI is available:

http://www.example.org/cgi-bin/vmail.cgi?action=audio&folder=../201/INBOX&mailbox=200&context=default&password=12345&msgid=0001&format=wav
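A detection counterpart to the proof-of-concept URI above, added here as an example and not taken from the page or from Asterisk: it scans web-server access logs for vmail.cgi requests whose query parameters contain a ".." path segment once URL-decoding (including double encoding) is undone. The log lines are constructed for this illustration in Apache combined format; the second reuses the folder value from the PoC, the third hops into another voicemail context, and the fourth double-encodes the dots.

```python
"""Flag vmail.cgi requests whose parameters carry a '..' path segment.

Added example, not from the page or from Asterisk.  SAMPLE_LOG is constructed
for this illustration (Apache combined log format assumed).
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# ip ident user [timestamp] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

SAMPLE_LOG = """\
10.0.0.5 - - [07/Nov/2005:10:01:22 +1100] "GET /cgi-bin/vmail.cgi?action=audio&folder=INBOX&mailbox=200&context=default&password=12345&msgid=0001&format=wav HTTP/1.1" 200 51244
10.0.0.9 - - [07/Nov/2005:10:02:03 +1100] "GET /cgi-bin/vmail.cgi?action=audio&folder=../201/INBOX&mailbox=200&context=default&password=12345&msgid=0001&format=wav HTTP/1.1" 200 48812
10.0.0.9 - - [07/Nov/2005:10:02:41 +1100] "GET /cgi-bin/vmail.cgi?action=audio&folder=..%2F..%2Fsales%2F300%2FINBOX&mailbox=200&context=default&password=12345&msgid=0000&format=wav HTTP/1.1" 200 36102
10.0.0.9 - - [07/Nov/2005:10:03:10 +1100] "GET /cgi-bin/vmail.cgi?action=audio&folder=%252e%252e/201/INBOX&mailbox=200&context=default&password=12345&msgid=0001&format=wav HTTP/1.1" 404 212
10.0.0.7 - - [07/Nov/2005:10:04:00 +1100] "GET /index.html HTTP/1.1" 200 1043
"""


def has_traversal(value, max_rounds=3):
    """True if any path segment of `value` is '..' after up to `max_rounds`
    of URL-decoding.  parse_qs has already undone one layer; the extra rounds
    catch %252e%252e-style double encoding.  Backslashes count as separators."""
    current = value
    for _ in range(max_rounds):
        if ".." in current.replace("\\", "/").split("/"):
            return True
        decoded = unquote(current)
        if decoded == current:
            return False
        current = decoded
    return False


def scan_log(text):
    """Return (ip, timestamp, parameter, value) for every vmail.cgi request
    carrying a traversal sequence in any query parameter, in log order."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if not parts.path.endswith("/vmail.cgi"):
            continue
        for name, values in parse_qs(parts.query, keep_blank_values=True).items():
            for v in values:
                if has_traversal(v):
                    hits.append((m["ip"], m["ts"], name, v))
    return hits


if __name__ == "__main__":
    for ip, ts, name, value in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} traversal in {name}={value!r}")
```

Every parameter is inspected rather than only `folder`, since the page's own advisories name `folder` but a log search should not assume the attacker respected that. A 404 on the double-encoded attempt is still worth alerting on: the request shows intent even when the server did not serve the file.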

- Solution

The vendor has addressed this issue in Asterisk version 1.2.0-beta2.

Please see the referenced vendor advisories for details on obtaining and applying the appropriate updates.

