summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBaptiste Daroussin <bapt@FreeBSD.org>2013-12-18 00:08:30 +0000
committerBaptiste Daroussin <bapt@FreeBSD.org>2013-12-18 00:08:30 +0000
commitb33803efe8cc4aacc3f402079bb5b3f686bd3eed (patch)
treef007975bd5e061d08145b761735e4cce55f4c1ce
parentMFH: r336793 (diff)
MFH: r336790
- document asterisk vulnerabilities - correctly order references [1] Reported by: remko [1]
-rw-r--r--security/vuxml/vuln.xml52
1 files changed, 51 insertions, 1 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 00e29bf9e8ae..14761443e7bc 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -51,6 +51,55 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="0c39bafc-6771-11e3-868f-0025905a4771">
+ <topic>asterisk -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>asterisk10</name>
+ <range><lt>10.12.4</lt></range>
+ </package>
+ <package>
+ <name>asterisk11</name>
+ <range><lt>11.6.1</lt></range>
+ </package>
+ <package>
+ <name>asterisk18</name>
+ <range><lt>1.8.24.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Asterisk project reports:</p>
+ <blockquote cite="https://www.asterisk.org/security">
+ <p>A 16 bit SMS message that contains an odd message length value will
+ cause the message decoding loop to run forever. The message buffer is
+ not on the stack but will be overflowed resulting in corrupted memory
+ and an immediate crash.</p>
+ <p>External control protocols, such as the Asterisk Manager Interface,
+ often have the ability to get and set channel variables; this allows
+ the execution of dialplan functions. Dialplan functions within
+ Asterisk are incredibly powerful, which is wonderful for building
+ applications using Asterisk. But during the read or write execution,
+ certain diaplan functions do much more. For example, reading the SHELL()
+ function can execute arbitrary commands on the system Asterisk is
+ running on. Writing to the FILE() function can change any file that
+ Asterisk has write access to. When these functions are executed from an
+ external protocol, that execution could result in a privilege escalation.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-7100</cvename>
+ <url>http://downloads.asterisk.org/pub/security/AST-2013-006.pdf</url>
+ <url>http://downloads.asterisk.org/pub/security/AST-2013-007.pdf</url>
+ <url>https://www.asterisk.org/security</url>
+ </references>
+ <dates>
+ <discovery>2013-12-16</discovery>
+ <entry>2013-12-17</entry>
+ </dates>
+ </vuln>
+
<vuln vid="3b86583a-66a7-11e3-868f-0025905a4771">
<topic>phpmyfaq -- arbitrary PHP code execution vulnerability</topic>
<affects>
@@ -72,12 +121,13 @@ Note: Please add new entries to the beginning of this file.
</body>
</description>
<references>
- <url>http://www.phpmyfaq.de/advisory_2013-11-26.php</url>
<url>http://en.securitylab.ru/lab/PT-2013-41</url>
+ <url>http://www.phpmyfaq.de/advisory_2013-11-26.php</url>
</references>
<dates>
<discovery>2013-11-26</discovery>
<entry>2013-12-16</entry>
+ <modified>2013-12-17</modified>
</dates>
</vuln>