152010 – New version of asterisk to fix a critical bug

Bug 152010 - New version of asterisk to fix a critical bug

Summary: New version of asterisk to fix a critical bug

Status:	RESOLVED DUPLICATE of bug 151881

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	x86 Linux

Importance:	High critical (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-10-19 14:54 UTC by Jorge Cisneros
Modified:	2006-10-19 15:57 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jorge Cisneros 2006-10-19 14:54:05 UTC

The Asterisk Development team has released an update to Asterisk 1.2

the  Asterisk 1.2.13.

This release contains a fix for a security vulnerability recently found in the chan_skinny channel driver (for Cisco SCCP phones). This vulnerability would enable an attacker to remotely execute code as the system user running Asterisk (frequently 'root'). The exploit does not require that the skinny.conf contain any valid phone entries, only that chan_skinny is loaded and operational.

When be avalible in the portage, and maybe you can add the asterisk beta 1.4 to the portage

thanks

Comment 1 Tavis Ormandy (RETIRED) gentoo-dev

2006-10-19 15:11:46 UTC

Reassigning to security. (reporter: please only restrict sensitive bugs! thankyou!)

Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev

2006-10-19 15:57:01 UTC


*** This bug has been marked as a duplicate of 151881 ***