CVSS: 7.5EPSS: 96%CPEs: 26EXPL: 2CVE-2006-5444 – Asterisk 1.0.12/1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-5444
Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. Desbordamiento de entero en la función get_input en el controlador de canal Skinny (chan_skinny.c) en Asterisk 1.0.x anteriores a 1.0.12 y 1.2.x anteriores a 1.2.13, utilizados en los teléfonos Cisco SCCP, permite a atacantes remotos ejecutar código de su elección mediante un cierto valor dlen que pasa una comparación de entero con signo y lleva a un desbordamiento de búfer basado en montón. • https://www.exploit-db.com/exploits/2597 http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12 http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13 http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html http://secunia.com/advisories/22480 http://secunia.com/advisories/22651 http://secunia.com/advisories/22979 http://secunia.com/advisories/23212 http://securitytracker.com/id?1017089 http://www.asterisk.org/node/109 http://www.gent •
CVSS: 7.5EPSS: 17%CPEs: 20EXPL: 0CVE-2006-4345
https://notcve.org/view.php?id=CVE-2006-4345
Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response. Desbordamiento de búfer basado en pila en channels/chan_mgcp.c de MGCP en Asterisk 1.0 hasta 1.2.10 permite a atacantes remotos ejecutar código de su elección mediante una respuesta de fin de auditoría (audit endpoint) (AUEP) manipulada. • http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11 http://labs.musecurity.com/advisories/MU-200608-01.txt http://secunia.com/advisories/21600 http://secunia.com/advisories/22651 http://securitytracker.com/id?1016742 http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml http://www.securityfocus.com/archive/1/444322/100/0/threaded http://www.securityfocus.com/bid/19683 http://www.sineapps.com/news.php?rssid=1448 http://www.vupen.com/english/advisories/2006/3372& •
CVSS: 7.5EPSS: 7%CPEs: 1EXPL: 0CVE-2006-4346
https://notcve.org/view.php?id=CVE-2006-4346
Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable. Asterisk 1.2.10 soporta el uso de variables controladas por cliente para determinar los nombres de archivo en la función Record, lo que permite a atacantes remotos (1) ejecutar código mediante especificadores de cadena de formato o (2) sobrescribir archivos mediante saltos de directorio relacionados con vectores no especificados, como se ha demostrado mediante la variable CALLERIDNAME. • http://labs.musecurity.com/advisories/MU-200608-01.txt http://secunia.com/advisories/22651 http://securitytracker.com/id?1016742 http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml http://www.securityfocus.com/archive/1/444322/100/0/threaded http://www.securityfocus.com/bid/19683 http://www.sineapps.com/news.php?rssid=1448 http://www.vupen.com/english/advisories/2006/3372 https://exchange.xforce.ibmcloud.com/vulnerabilities/28544 https://exchange.xforce.ibmcloud.com/vu •