SUSE-SA:2006:069: asterisk

The remote host is missing the patch for the advisory SUSE-SA:2006:069 asterisk. Two security problem have been found and fixed in the PBX software Asterisk. CVE-2006-5444: Integer overflow in the getinput function in the Skinny channel driver chanskinny.c as used by Cisco SCCP phones, allows...

DSA-1229-1 asterisk

Bulletin has no description...

Integer overflow vulnerability in Asterisk driver for Cisco SCCP-enabled phones

Overview Asterisk contains an integer overflow vulnerability. This vulnerability may allow an attacker to run arbitrary code. Description Asterisk is an open-source PBX software package that provides voicemail, three-way calling, and other features. Skinny Client Control Protocol SCCP is a...

CVE-2006-5444

Integer overflow in the getinput function in the Skinny channel driver chanskinny.c in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads t...

CVE-2006-5444

Integer overflow in the getinput function in the Skinny channel driver chanskinny.c in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads t...

CVE-2006-5444

CVE-2006-5444 involves an integer overflow in Asterisk’s Skinny channel driver (chan_skinny.c). Affected are Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, used by Cisco SCCP phones. An attacker can trigger a heap-based buffer overflow via a crafted dlen value, potentially leading to remot...

CVE-2006-5444

Integer overflow in the getinput function in the Skinny channel driver chanskinny.c in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads t...

CVE-2006-5444

Integer overflow in the getinput function in the Skinny channel driver chanskinny.c in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads t...

Security-Assessment.com Advisory: Asterisk remote heap overflow

======================================================================== = Asterisk - chanskinny Remote Unauthenticated Heap Overflow = = Vendor Website: = http://www.asterisk.org = = Affected Version: = All 1.2-branch releases prior to and including 1.2.12.1 = All 1.0-branch releases prior to an...

asterisk -- remote heap overwrite vulnerability

Adam Boileau of Security-Assessment.com reports: The Asterisk Skinny channel driver for Cisco SCCP phones chanskinny.so incorrectly validates a length value in the packet header. An integer wrap-around leads to heap overwrite, and arbitrary remote code execution as root...