Bug 198503 - <net-misc/zaptel-1.2.22 buffer overflow (CVE-2007-5690)
Summary: <net-misc/zaptel-1.2.22 buffer overflow (CVE-2007-5690)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High normal
Assignee: voip herd (OBSOLETE)
URL: http://lists.digium.com/pipermail/ast...
Whiteboard:
Keywords:
Duplicates: 198486 200664
Depends on:
Blocks:
 
Reported: 2007-11-08 22:11 UTC by Rajiv Aaron Manglani (RETIRED)
Modified: 2007-12-25 06:31 UTC
Description Rajiv Aaron Manglani (RETIRED) gentoo-dev 2007-11-08 22:11:42 UTC
Asterisk Project Security Advisory - AST-2007-024

   +------------------------------------------------------------------------+
   |      Product       | Zaptel                                            |
   |--------------------+---------------------------------------------------|
   |      Summary       | Potential buffer overflow from command line       |
   |                    | application "sethdlc"                             |
   |--------------------+---------------------------------------------------|
   | Nature of Advisory | Buffer overflow                                   |
   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Local sessions                                    |
   |--------------------+---------------------------------------------------|
   |      Severity      | None                                              |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | None                                              |
   |--------------------+---------------------------------------------------|
   |    Reported On     | October 31, 2007                                  |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Michael Bucko <michael DOT bucko AT eleytt DOT    |
   |                    | com>                                              |
   |--------------------+---------------------------------------------------|
   |     Posted On      | October 31, 2007                                  |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | November 1, 2007                                  |
   |--------------------+---------------------------------------------------|
   |  Advisory Contact  | Mark Michelson <mmichelson AT digium DOT com>     |
   |--------------------+---------------------------------------------------|
   |      CVE Name      | CVE-2007-5690                                     |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Description | This advisory is a response to a false security          |
   |             | vulnerability published in several places on the         |
   |             | Internet. Had Asterisk's developers been notified prior  |
   |             | to its publication, there would be no need for this.     |
   |             |                                                          |
   |             | There is a potential for a buffer overflow in the        |
   |             | sethdlc application; however, running this application   |
   |             | requires root access to the server, which means that     |
   |             | exploiting this vulnerability gains the attacker no more |
   |             | advantage than what he already has. As such, this is a   |
   |             | bug, not a security vulnerability.                       |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | The copy of the user-provided argument to the buffer has  |
   |            | been limited to the length of the buffer. This fix has    |
   |            | been committed to the Zaptel 1.2 and 1.4 repositories,    |
   |            | but due to the lack of severity, new releases will not be |
   |            | immediately made.                                         |
   |            |                                                           |
   |            | While we appreciate this programming error being brought  |
   |            | to our attention, we would encourage security researchers |
   |            | to contact us prior to releasing any reports of their     |
   |            | own, both so that we can fix any vulnerability found      |
   |            | prior to the release of an announcement, as well as       |
   |            | avoiding these types of mistakes (and the potential       |
   |            | embarrassment of reporting a vulnerability that wasn't)   |
   |            | in the future.                                            |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |     Product     | Release Series |                                     |
   |-----------------+----------------+-------------------------------------|
   |     Zaptel      |     1.2.x      | All versions prior to 1.2.22        |
   |-----------------+----------------+-------------------------------------|
   |     Zaptel      |     1.4.x      | All versions prior to 1.4.7         |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |          Product           |                  Release                  |
   |----------------------------+-------------------------------------------|
   |           Zaptel           |          1.2.22, when available           |
   |----------------------------+-------------------------------------------|
   |           Zaptel           |           1.4.7, when available           |
   |----------------------------+-------------------------------------------|
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |Links |http://archives.neohapsis.com/archives/bugtraq/2007-10/0316.html |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security.                                      |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2007-024.pdf and          |
   | http://downloads.digium.com/pub/security/AST-2007-024.html.            |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                            Revision History                            |
   |------------------------------------------------------------------------|
   |    Date    |     Editor     |              Revisions Made              |
   |------------+----------------+------------------------------------------|
   | 10/31/2007 | Mark Michelson | Initial release                          |
   |------------+----------------+------------------------------------------|
   | 10/31/2007 | Mark Michelson | Changed severity, description, and       |
   |            |                | resolution                               |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2007-024
              Copyright (c) 2007 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.
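
The resolution in the advisory above (limiting the copy of a user-provided argument to the length of the buffer), shown as an added example that is not the Zaptel patch or code from the advisory. The buffer size `NAME_LEN`, the function names and the sample name `hdlc0` are assumptions made for illustration. It contrasts a copy that is only bounded, which can leave the buffer without a terminator, with one that rejects an argument that does not fit.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size for this example; not taken from the sethdlc source. */
#define NAME_LEN 16

/* Copy bounded to the buffer size only. Never writes past dst, but when
 * arg has NAME_LEN or more characters no terminator is stored. */
void copy_bounded_only(char dst[NAME_LEN], const char *arg)
{
    strncpy(dst, arg, NAME_LEN);
}

/* Returns 1 if buf holds a NUL within its NAME_LEN bytes, else 0. */
int is_terminated(const char buf[NAME_LEN])
{
    return memchr(buf, '\0', NAME_LEN) != NULL;
}

/* Stricter variant: reject an argument that does not fit instead of
 * silently truncating it. Returns 0 on success, -1 on rejection. */
int copy_checked(char dst[NAME_LEN], const char *arg)
{
    size_t n = 0;

    if (arg == NULL)
        return -1;
    while (n < NAME_LEN && arg[n] != '\0')
        n++;
    if (n == 0 || n == NAME_LEN)   /* empty, or no room for the terminator */
        return -1;
    memcpy(dst, arg, n + 1);       /* n characters plus the terminator */
    return 0;
}

int main(int argc, char **argv)
{
    char name[NAME_LEN];

    if (argc < 2 || copy_checked(name, argv[1]) != 0) {
        fprintf(stderr, "usage: example <name shorter than %d characters>\n", NAME_LEN);
        return 1;
    }
    printf("accepted: %s\n", name);
    return 0;
}
```
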
Comment 1 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2007-11-08 22:20:21 UTC
oops. this is not a vulnerability but a bug.
Comment 2 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2007-11-15 19:44:49 UTC
*** Bug 198486 has been marked as a duplicate of this bug. ***
Comment 3 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2007-11-28 17:39:39 UTC
*** Bug 200664 has been marked as a duplicate of this bug. ***
Comment 4 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2007-11-28 17:40:35 UTC
1.2.22 is out now.

http://downloads.digium.com/pub/zaptel/ChangeLog-1.2.22


Date: Tue, 27 Nov 2007 13:53:03 -0600
Subject: [asterisk-announce] Zaptel 1.2.22 and 1.4.7 released

The Asterisk.org development team has announced the release of Zaptel
versions 1.2.22 and 1.4.7. These releases contain (among other things)
many bug fixes to the TC400B driver, a bug fix on the wctdm24xxp driver
for users with a VPM150M, as well as numerous improvements and fixes to
the Xorcom driver suite.  The much better performing version of fxotune
from 1.4 has now been put into 1.2, so you may wish to rerun this tool
with the new version.  As always, please see the respective Changelogs
for additional information.

Both releases are available as a tarball as well as a patch against the
previous release. They are available for download from downloads.digium.com.

Thank you for your support!
Comment 5 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2007-12-25 06:31:09 UTC
zaptel 1.2.22.1 in cvs.