Back to search
CVE-2007-5358
Published: Oct 12, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://downloads.digium.com/pub/security/AST-2007-022.html
x_refsource_CONFIRM
38201
vdb-entry
x_refsource_OSVDB
asterisk-contentheader-bo(37052)
vdb-entry
x_refsource_XF
38202
vdb-entry
x_refsource_OSVDB
27184
third-party-advisory
x_refsource_SECUNIA
1018804
vdb-entry
x_refsource_SECTRACK
26005
vdb-entry
x_refsource_BID
asterisk-sprintf-bo(37051)
vdb-entry
x_refsource_XF
20071010 AST-2007-022: Buffer overflows in voicemail when using IMAP storage
mailing-list
x_refsource_BUGTRAQ
ADV-2007-3454
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now