asterisk
Page content
- Author: voroskoi
- Vulnerable: 1.4.11-2
- Unaffected: 1.4.13-1sayshell1
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the IMAP-specific code for processing voicemail messages. This can be exploited to cause a buffer overflow via a specially crafted voicemail message sent as email containing an overly long (more than 1024 characters) combination of Content-Type or Content-Description headers. Successful exploitation requires that a user listens to the voicemail message via a phone.
- Bug Tracker URL: http://bugs.frugalware.org/task/2494