7.5

CVE-2006-5444

Exploit
Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DigiumAsterisk Version0.1.7
DigiumAsterisk Version0.1.8
DigiumAsterisk Version0.1.9
DigiumAsterisk Version0.1.9.1
DigiumAsterisk Version0.2
DigiumAsterisk Version0.3
DigiumAsterisk Version0.4
DigiumAsterisk Version0.7
DigiumAsterisk Version0.7.1
DigiumAsterisk Version0.7.2
DigiumAsterisk Version0.9
DigiumAsterisk Version1.0
DigiumAsterisk Version1.0.7
DigiumAsterisk Version1.0.8
DigiumAsterisk Version1.0.9
DigiumAsterisk Version1.0.10
DigiumAsterisk Version1.0.11
DigiumAsterisk Version1.2.6
DigiumAsterisk Version1.2.7
DigiumAsterisk Version1.2.8
DigiumAsterisk Version1.2.9
DigiumAsterisk Version1.2.10
DigiumAsterisk Version1.2.11
DigiumAsterisk Version1.2.12
DigiumAsterisk Version1.2_beta1
DigiumAsterisk Version1.2_beta2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 84.96% 0.997
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/22651
http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml
http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12
Patch
http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13
Patch
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html
http://secunia.com/advisories/22480
Patch
Vendor Advisory
http://secunia.com/advisories/22979
http://secunia.com/advisories/23212
http://securitytracker.com/id?1017089
Patch
http://www.asterisk.org/node/109
Patch
http://www.kb.cert.org/vuls/id/521252
US Government Resource
http://www.novell.com/linux/security/advisories/2006_69_asterisk.html
http://www.osvdb.org/29972
http://www.securityfocus.com/archive/1/449127/100/0/threaded
http://www.securityfocus.com/archive/1/449183/100/0/threaded
http://www.securityfocus.com/bid/20617
Patch
Exploit
http://www.us.debian.org/security/2006/dsa-1229
http://www.vupen.com/english/advisories/2006/4097
https://exchange.xforce.ibmcloud.com/vulnerabilities/29663