Topic : Crash from invalid/corrupted MIME bodies when using voicemail with IMAP storage

SecurityAlert : 3065
CVE : CVE-2007-4521
SecurityRisk : Low
Remote Exploit : Yes
Local Exploit : No
Exploit Given : No
Credit : Mark Michelson
Published : 28.08.2007
Affected Software : Asterisk 1.4.11, 1.4.10, 1.4.9, 1.4.8, 1.4.7, 1.4.6, 1.4.5

Advisory Text :

Asterisk Project Security Advisory - AST-2007-021

+------------------------------------------------------------------------+
| Product            | Asterisk                                          |
|--------------------+---------------------------------------------------|
| Summary            | Crash from invalid/corrupted MIME bodies when     |
|                    | using voicemail with IMAP storage                 |
|--------------------+---------------------------------------------------|
| Nature of Advisory | Crash                                             |
|--------------------+---------------------------------------------------|
| Susceptibility     | Remote Unauthenticated Sessions                   |
|--------------------+---------------------------------------------------|
| Severity           | minor                                             |
|--------------------+---------------------------------------------------|
| Exploits Known     | No                                                |
|--------------------+---------------------------------------------------|
| Reported On        | August 23, 2007                                   |
|--------------------+---------------------------------------------------|
| Reported By        | Kevin Stewart                                     |
|--------------------+---------------------------------------------------|
| Posted On          | August 24, 2007                                   |
|--------------------+---------------------------------------------------|
| Last Updated On    | August 24, 2007                                   |
|--------------------+---------------------------------------------------|
| Advisory Contact   | Mark Michelson <mmichelson (at) digium (dot) com> |
|--------------------+---------------------------------------------------|
| CVE Name           | CVE-2007-4521                                     |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Description | If Asterisk is configured to use IMAP as its backend     |
|             | storage for voicemail, then an e-mail sent to a user     |
|             | with an invalid/corrupted MIME body will cause Asterisk  |
|             | to crash when the user listens to their voicemail using  |
|             | the phone.                                               |
|             |                                                          |
|             | This does not affect any other voicemail storage option, |
|             | nor does it affect users who check their voicemail via   |
|             | e-mail when using IMAP storage.                          |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Resolution  | Since this is a minor issue, a new release is not        |
|             | immediately planned. However, the issue will be fixed in |
|             | Asterisk Open Source version 1.4.12 when it is released. |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Affected Versions                                                      |
|------------------------------------------------------------------------|
| Product                        | Release     |                         |
|                                | Series      |                         |
|--------------------------------+-------------+-------------------------|
| Asterisk Open Source           | 1.0.x       | Not Affected            |
|--------------------------------+-------------+-------------------------|
| Asterisk Open Source           | 1.2.x       | Not Affected            |
|--------------------------------+-------------+-------------------------|
| Asterisk Open Source           | 1.4.x       | Versions 1.4.5 - 1.4.11 |
|--------------------------------+-------------+-------------------------|
| Asterisk Business Edition      | A.x.x       | Not Affected            |
|--------------------------------+-------------+-------------------------|
| Asterisk Business Edition      | B.x.x       | Not Affected            |
|--------------------------------+-------------+-------------------------|
| AsteriskNOW                    | pre-release | Not Affected            |
|--------------------------------+-------------+-------------------------|
| Asterisk Appliance Developer   | 0.x.x       | Not Affected            |
| Kit                            |             |                         |
|--------------------------------+-------------+-------------------------|
| s800i (Asterisk Appliance)     | 1.0.x       | Not Affected            |
+------------------------------------------------------------------------+

+-----------------------------------------------------------------------------------+
| Corrected In                                                                      |
|-----------------------------------------------------------------------------------|
|Product | Release                                                                  |
|--------+--------------------------------------------------------------------------|
|Asterisk| 1.4.12 (not released), patch can be found here:                          |
|  Open  |http://lists.digium.com/pipermail/asterisk-commits/2007-August/015743.html|
| Source |                                                                          |
+-----------------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Links       | http://bugs.digium.com/view.php?id=10544                 |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at                     |
| http://www.asterisk.org/security.                                      |
|                                                                        |
| This document may be superseded by later versions; if so, the latest   |
| version will be posted at                                              |
| http://downloads.digium.com/pub/asa/AST-2007-021.pdf and               |
| http://downloads.digium.com/pub/asa/AST-2007-021.html.                 |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Revision History                                                       |
|------------------------------------------------------------------------|
| Date                 | Editor              | Revisions Made            |
|----------------------+---------------------+---------------------------|
| August 24, 2007      | Mark Michelson      | Initial Release           |
+------------------------------------------------------------------------+

Asterisk Project Security Advisory - AST-2007-021
Copyright (c) 2007 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
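
Added example, not part of the Digium advisory or of Asterisk: until a release containing the fix is installed, messages in a voicemail IMAP folder can be screened for malformed MIME structure with a strict parser. The advisory does not say which malformations trigger the crash, so this check reports every defect Python's email parser records; the sample messages, addresses and the `vm` boundary are constructed.

```python
"""Flag voicemail-folder messages whose MIME structure is malformed (added example)."""
from email import message_from_bytes, policy


def mime_defects(raw):
    """Return the names of every defect the parser records for any part of raw."""
    msg = message_from_bytes(raw, policy=policy.default)
    names = []
    for part in msg.walk():
        if not part.is_multipart():
            # Decoding the body is what surfaces transfer-encoding defects (bad base64).
            part.get_payload(decode=True)
        names.extend(type(d).__name__ for d in part.defects)
    return names


def screen(folder):
    """Map message id -> defect names, keeping only messages with at least one defect."""
    report = {uid: mime_defects(raw) for uid, raw in folder.items()}
    return {uid: found for uid, found in report.items() if found}


# Constructed sample: a well-formed voicemail notification with an audio attachment.
GOOD = (
    b"From: pbx@example.test\n"
    b"To: 1001@example.test\n"
    b"Subject: New voicemail\n"
    b"MIME-Version: 1.0\n"
    b'Content-Type: multipart/mixed; boundary="vm"\n'
    b"\n"
    b"--vm\n"
    b"Content-Type: text/plain\n"
    b"\n"
    b"You have a new message.\n"
    b"--vm\n"
    b"Content-Type: audio/x-wav\n"
    b"Content-Transfer-Encoding: base64\n"
    b"\n"
    b"UklGRgAA\n"
    b"--vm--\n"
)
# Constructed malformed variants of the same message.
NO_BOUNDARIES = GOOD.replace(b"--vm", b"")              # declared boundary never appears
TRUNCATED_AUDIO = GOOD.replace(b"UklGRgAA", b"UklGRg")  # base64 body cut short

if __name__ == "__main__":
    folder = {"1": GOOD, "2": NO_BOUNDARIES, "3": TRUNCATED_AUDIO}
    for uid, found in screen(folder).items():
        print(f"message {uid}: {', '.join(found)}")
```

In a deployment the raw messages would be fetched from the IMAP folder Asterisk uses for voicemail; a message that this parser accepts is not guaranteed to be safe for an unpatched Asterisk 1.4.5 - 1.4.11.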