Back to search
CVE-2006-5444
Published: Oct 23, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
22480
third-party-advisory
x_refsource_SECUNIA
http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13
x_refsource_CONFIRM
DSA-1229
vendor-advisory
x_refsource_DEBIAN
GLSA-200610-15
vendor-advisory
x_refsource_GENTOO
SUSE-SA:2006:069
vendor-advisory
x_refsource_SUSE
20617
vdb-entry
x_refsource_BID
ADV-2006-4097
vdb-entry
x_refsource_VUPEN
22651
third-party-advisory
x_refsource_SECUNIA
29972
vdb-entry
x_refsource_OSVDB
OpenPKG-SA-2006.024
vendor-advisory
x_refsource_OPENPKG
20061018 Asterisk remote heap overflow
mailing-list
x_refsource_FULLDISC
23212
third-party-advisory
x_refsource_SECUNIA
http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12
x_refsource_CONFIRM
asterisk-getinput-code-execution(29663)
vdb-entry
x_refsource_XF
VU#521252
third-party-advisory
x_refsource_CERT-VN
1017089
vdb-entry
x_refsource_SECTRACK
22979
third-party-advisory
x_refsource_SECUNIA
http://www.asterisk.org/node/109
x_refsource_CONFIRM
20061018 Security-Assessment.com Advisory: Asterisk remote heap overflow
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now