Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 152010

Summary: New version of asterisk to fix a critical bug
Product: Gentoo Security Reporter: Jorge Cisneros <jorgecis>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: critical    
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Jorge Cisneros 2006-10-19 14:54:05 UTC 
The Asterisk Development team has released an update to Asterisk 1.2

the  Asterisk 1.2.13.

This release contains a fix for a security vulnerability recently found in the chan_skinny channel driver (for Cisco SCCP phones). This vulnerability would enable an attacker to remotely execute code as the system user running Asterisk (frequently 'root'). The exploit does not require that the skinny.conf contain any valid phone entries, only that chan_skinny is loaded and operational.

When be avalible in the portage, and maybe you can add the asterisk beta 1.4 to the portage

thanks
Comment 1 Tavis Ormandy (RETIRED) gentoo-dev 2006-10-19 15:11:46 UTC 
Reassigning to security. (reporter: please only restrict sensitive bugs! thankyou!)
Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev 2006-10-19 15:57:01 UTC 

*** This bug has been marked as a duplicate of 151881 ***