OpenPKG Security Advisory - OpenPKG-SA-2006.024: According to a vendor security advisory [1], a vulnerability exists in the Asterisk Private Branch Exchange (PBX) software [2]. This vulnerability would enable an attacker to remotely execute code as the user Asterisk is running under. The "skinny.conf" file does not need to contain any valid phone entries; it is sufficient that the "chan_skinny" module is loaded and operational (which is not the case in OpenPKG's default Asterisk configuration).
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory                                   OpenPKG GmbH
https://www.openpkg.org/security/                    https://openpkg.com
OpenPKG-SA-2006.024                                           2006-10-19
________________________________________________________________________
Package: asterisk
Vulnerability: arbitrary code execution
OpenPKG Specific: no
Affected Series:     Affected Packages:                 Corrected Packages:
1.0-ENTERPRISE       n.a.                               >= asterisk-1.2.13-E1.0.0
2-STABLE-20061018    <= asterisk-1.2.12.1-2.20061018    >= asterisk-1.2.13-2.20061019
2-STABLE             <= asterisk-1.2.12.1-2.20061018    >= asterisk-1.2.13-2.20061019
CURRENT              <= asterisk-1.2.12.1-20061015      >= asterisk-1.2.13-20061019
Description:
According to a vendor security advisory [1], a vulnerability exists
in the Asterisk Private Branch Exchange (PBX) software [2]. This
vulnerability would enable an attacker to remotely execute code as
the user Asterisk is running under. The "skinny.conf" file does not
need to contain any valid phone entries; it is sufficient that the
"chan_skinny" module is loaded and operational (which is not the
case in OpenPKG's default Asterisk configuration).
________________________________________________________________________
References:
[1] https://www.asterisk.org/node/109
[2] https://www.asterisk.org/
________________________________________________________________________
For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F) which
you can retrieve from https://www.openpkg.org/openpkg.pgp. Follow the
instructions on https://www.openpkg.org/security/signatures/ for details
on how to verify the integrity of this advisory.
________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@openpkg.org>
iD8DBQFFNxMegHWT4GPEy58RAq4GAJ9UrzIf9MT5cUztLrTMzr8/759m7QCgiGgh
aNXXEjaQmUni8srlm2GgzmI=
=JoD6
-----END PGP SIGNATURE-----
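
Added example (not part of the OpenPKG advisory or of Asterisk): a static check of whether a given modules.conf would cause "chan_skinny" to be loaded, which is the exposure condition the Description names. It assumes Asterisk's standard modules.conf directives (autoload, load =>, noload =>); the function name and the file path passed to it are hypothetical.

```shell
#!/bin/sh
# skinny_module_status FILE
# Prints "loaded", "not-loaded" or "unknown" for chan_skinny.so, based only
# on the [modules] section of the given modules.conf (static config check;
# it does not query a running Asterisk).
# Deliberately conservative choices of this example:
#   - a missing "autoload" line is treated as autoload=yes
#   - an explicit "load => chan_skinny.so" flags the module even if a
#     "noload" line is also present
skinny_module_status() {
    conf="$1"
    [ -r "$conf" ] || { echo "unknown"; return 2; }
    awk '
        # drop ";" comments and surrounding whitespace
        { sub(/;.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        # track which section we are in
        /^\[/ { in_modules = (tolower($0) == "[modules]"); next }
        !in_modules || $0 == "" { next }
        {
            # split "key = value" and "key => value"
            n = index($0, "=")
            if (n == 0) next
            key = tolower(substr($0, 1, n - 1))
            val = substr($0, n + 1)
            sub(/^>/, "", val)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "autoload") autoload = tolower(val)
            else if (key == "load" && val == "chan_skinny.so") load = 1
            else if (key == "noload" && val == "chan_skinny.so") noload = 1
        }
        END {
            if (autoload == "") autoload = "yes"
            auto = (autoload ~ /^(yes|true|y|t|1|on)$/)
            if (load || (auto && !noload)) print "loaded"
            else print "not-loaded"
        }
    ' "$conf"
}
# Usage: skinny_module_status /path/to/modules.conf
```

A result of "loaded" on a host whose asterisk package is older than the corrected version in the table above means the host matches the advisory's exposure condition.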