Bug 96826 - net-misc/asterisk stack overflow
Summary: net-misc/asterisk stack overflow
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Other
Importance: High trivial
Assignee: Gentoo Security
URL: http://www.securityfocus.com/archive/...
Whiteboard: ~1 [noglsa] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2005-06-23 00:00 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2019-11-28 22:20 UTC

See Also:
Package list:
Runtime testing required: ---
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-06-23 00:00:49 UTC
Full details in the URL.
---
There is a programming error in the function that parses commands in the Asterisk system. This is used by the manager interface if the user is allowed to submit CLI commands. The coding error can result in the overflow of one of the parameters of the calling function. That is, the command parsing function will return without error. However, the calling function will cause a segmentation fault.

If the command string is specifically crafted, it is possible to use this stack overflow to execute arbitrary code on the Asterisk system. The resulting execution is (typically) run with root privileges.

A command consisting of a recurring string of two double quotes followed by a tab character will induce the segmentation fault within a Call Manager thread.
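
The advisory text above does not show the parser itself. As an added illustration (not Asterisk's code and not the change shipped in 1.0.8), the sketch below assumes the overflowed parameter is a fixed-size argument array owned by the caller, and shows a tokenizer that checks the argument count before every store. `split_args` and `MAX_ARGS` are hypothetical names, and the input in `main` is constructed from the pattern the advisory describes.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 8              /* hypothetical limit, not Asterisk's value */

/* Split `line` in place into arguments separated by spaces or tabs.
 * Double quotes group text and may produce an empty argument ("").
 * Returns the argument count, or -1 when the line holds more than `max`
 * arguments; nothing is ever written past argv[max - 1]. */
int split_args(char *line, char *argv[], int max)
{
    int argc = 0;
    char *src = line, *dst = line;      /* dst never runs ahead of src */

    while (*src) {
        while (*src == ' ' || *src == '\t')
            src++;                      /* skip separators */
        if (!*src)
            break;
        if (argc >= max)
            return -1;                  /* bound check before the store */
        argv[argc++] = dst;
        int quoted = 0;
        while (*src && (quoted || (*src != ' ' && *src != '\t'))) {
            if (*src == '"')
                quoted = !quoted;       /* quote characters are dropped */
            else
                *dst++ = *src;
            src++;
        }
        if (*src)
            src++;                      /* consume the separator */
        *dst++ = '\0';                  /* terminate this argument */
    }
    return argc;
}

int main(void)
{
    char line[64] = "";                 /* constructed input: 20 x ("" + tab) */
    char *argv[MAX_ARGS];

    for (int i = 0; i < 20; i++)
        strcat(line, "\"\"\t");         /* 60 bytes plus NUL fits in 64 */
    printf("split_args returned %d\n", split_args(line, argv, MAX_ARGS));
    return 0;
}
```

A caller that receives -1 rejects the command instead of dispatching it.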
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-06-23 00:03:33 UTC
voip please verify whether this affects our older stable version and bump the
unstable version if this is a valid report.

Also an upstream reference for this would be nice.
Comment 2 Stefan Knoblich (RETIRED) gentoo-dev 2005-06-23 14:54:10 UTC
http://www.portcullis-security.com/advisory/advisory-05-013.txt

there is no further information available at the moment

bumping asterisk-1.0.8 isn't possible without removing bristuff support (i.e.
major feature) because the 1.0.7 bristuff patch doesn't apply

i've created a diff of the cli.c changes in asterisk-1.0.8 and added that to
-1.0.7-r1 (which has its ~* keywords restored now)

i'm going to write a short email to gentoo-dev and gentoo-users outlining the
non-root changes (for those who haven't read the Changelog, ebuild and planet.g.o)

older versions of asterisk may be affected, i'm going to check whether that
patch applies to 1.0.5 and 1.0.6 (and restoring the keywords of the non-root 
versions)
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-06-23 23:12:00 UTC
Thx Stefan. 1.0.7-r1 still needs to be marked ~ppc, should I call them to 
mark? 
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2005-06-24 07:04:46 UTC
I think we need to call ppc to mark ~ppc if they can.
Comment 5 Stefan Knoblich (RETIRED) gentoo-dev 2005-06-25 02:57:06 UTC
1.0.8 is in the tree now too, has been marked ~ppc
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-06-25 05:05:27 UTC
Thx Stefan. Since this is ~ -> Closing without GLSA.