Stack Buffer Overflow in HTTP Manager
Bug #956581 reported by Paul Belanger
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
asterisk (Ubuntu) | Fix Released | Undecided | Paul Belanger | |
Bug Description
An attacker attempting to connect to an HTTP session of the Asterisk Manager Interface can send an arbitrarily long string value for HTTP Digest Authentication. This causes a stack buffer overflow, with the possibility of remote code injection.
http://
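The following C example shows the length check whose absence produces this class of bug: a Digest Authorization parameter is copied into a fixed-size stack buffer only if it fits. It is added here and is not Asterisk's code or the patch; `digest_get_field` and `DIGEST_FIELD_MAX` are hypothetical names, and the header string is constructed sample input.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical field size for this example; not taken from Asterisk. */
#define DIGEST_FIELD_MAX 64

/* Copy the value of `key` from a Digest parameter list into out[outlen].
 * Returns 0 on success, -1 if missing/malformed, -2 if the value is too long
 * (rejected outright rather than truncated or copied unbounded). */
int digest_get_field(const char *params, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    const char *p = params;

    while ((p = strstr(p, key)) != NULL) {
        /* Match only a whole parameter name ("nonce", not "cnonce") before '='. */
        int at_start = (p == params) || p[-1] == ' ' || p[-1] == ',';
        if (at_start && p[klen] == '=')
            break;
        p += klen;
    }
    if (p == NULL)
        return -1;
    p += klen + 1;                      /* skip "key=" */

    const char *end;
    if (*p == '"') {                    /* quoted value: ends at the closing quote */
        p++;
        end = strchr(p, '"');
        if (end == NULL)
            return -1;
    } else {                            /* bare token: ends at ',' or end of string */
        end = p + strcspn(p, ",");
    }
    size_t vlen = (size_t)(end - p);
    if (outlen == 0 || vlen >= outlen)  /* attacker-controlled length vs. buffer size */
        return -2;
    memcpy(out, p, vlen);
    out[vlen] = '\0';
    return 0;
}

int main(void)
{
    char user[DIGEST_FIELD_MAX];        /* header below is constructed sample input */
    int rc = digest_get_field("username=\"alice\", realm=\"asterisk\"", "username", user, sizeof user);
    printf("rc=%d user=%s\n", rc, rc == 0 ? user : "(rejected)");
    return 0;
}
```

A request whose field returns -2 should be answered with an authentication failure, and the rejection logged, since oversized Digest fields are not produced by normal clients.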
Changed in asterisk (Ubuntu):
status: New → Confirmed
assignee: nobody → Paul Belanger (pabelanger)
visibility: private → public
This actually fixes 6 issues. I've uploaded the patch here, since a packaging branch does not exist. patches/AST-2011-012.diff: patches/AST-2011-013.diff: patches/AST-2011-014.diff: patches/AST-2012-01.diff: patches/AST-2012-002.diff: patches/AST-2012-003.diff
---
* debian/
- Remote crash vulnerability in SIP channel driver (LP: #956578)
* debian/
- Possible remote enumeration of SIP endpoints with differing NAT
settings (LP: #956576)
* debian/
- Remote crash possibility with SIP and the “automon” feature
enabled (LP: #956574)
* debian/
- SRTP Video Remote Crash Vulnerability (LP: #956572)
* debian/
- Remote Crash Vulnerability in Milliwatt Application (LP: 956580)
* debian/
- Stack Buffer Overflow in HTTP Manager (LP: #956581)