Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 152010 - New version of asterisk to fix a critical bug
Summary: New version of asterisk to fix a critical bug
Status: RESOLVED DUPLICATE of bug 151881
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: x86 Linux
: High critical (vote)
Assignee: Gentoo Security
Depends on:
Reported: 2006-10-19 14:54 UTC by Jorge Cisneros
Modified: 2006-10-19 15:57 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Jorge Cisneros 2006-10-19 14:54:05 UTC
The Asterisk Development team has released an update to Asterisk 1.2

the  Asterisk 1.2.13.

This release contains a fix for a security vulnerability recently found in the chan_skinny channel driver (for Cisco SCCP phones). This vulnerability would enable an attacker to remotely execute code as the system user running Asterisk (frequently 'root'). The exploit does not require that the skinny.conf contain any valid phone entries, only that chan_skinny is loaded and operational.

When be avalible in the portage, and maybe you can add the asterisk beta 1.4 to the portage

Comment 1 Tavis Ormandy (RETIRED) gentoo-dev 2006-10-19 15:11:46 UTC
Reassigning to security. (reporter: please only restrict sensitive bugs! thankyou!)

Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev 2006-10-19 15:57:01 UTC

*** This bug has been marked as a duplicate of 151881 ***