6

CVE-2011-0495

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DigiumAsterisk SwEditionbusiness Version < c.3.6.2
DigiumAsterisk Version >= 1.2.0 <= 1.2.40
DigiumAsterisk Version >= 1.4.0 < 1.4.38.1
DigiumAsterisk Version >= 1.4.39 < 1.4.39.1
DigiumAsterisk Version >= 1.6.1 < 1.6.1.21
DigiumAsterisk Version >= 1.6.2 < 1.6.2.15.1
DigiumAsterisk Version >= 1.6.2.16 < 1.6.2.16.1
DigiumAsterisk Version >= 1.8.0 < 1.8.1.2
DigiumAsterisk Version >= 1.8.2 < 1.8.2.2
DigiumAsterisknow Version1.5
FedoraprojectFedora Version13
FedoraprojectFedora Version14
DebianDebian Linux Version6.0
DigiumS800i Firmware Version1.2.0
   DigiumS800i Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.21% 0.897
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff
Patch
Vendor Advisory
http://downloads.asterisk.org/pub/security/AST-2011-001.html
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html
Third Party Advisory
http://osvdb.org/70518
Broken Link
http://secunia.com/advisories/42935
Third Party Advisory
http://secunia.com/advisories/43119
Third Party Advisory
http://secunia.com/advisories/43373
Third Party Advisory
http://www.debian.org/security/2011/dsa-2171
Third Party Advisory
http://www.securityfocus.com/archive/1/515781/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/45839
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2011/0159
Permissions Required
http://www.vupen.com/english/advisories/2011/0281
Permissions Required
http://www.vupen.com/english/advisories/2011/0449
Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/64831
Third Party Advisory
VDB Entry