Digium has announced that a new version of Asterisk that remedies two flaws in the voicemail system that could lead to a DoS - (Denial of Service) attack.
This Voicemail vulnerability was caused by a boundary error within the IMAP specific code used in processing voicemail messages. This can be exploited causing a buffer overflow via a specially crafted voicemail message sent as email containing an overly long (more than 1024 characters) combination of Content-Type or Content-Description header
The above vulnerability is reported in 1.4.x versions and can is fixed in the 1.4.13 update.
More from the original Digium Security Advisory.
This Voicemail vulnerability was caused by a boundary error within the IMAP specific code used in processing voicemail messages. This can be exploited causing a buffer overflow via a specially crafted voicemail message sent as email containing an overly long (more than 1024 characters) combination of Content-Type or Content-Description header
The above vulnerability is reported in 1.4.x versions and can is fixed in the 1.4.13 update.
More from the original Digium Security Advisory.
0 Comments:
Post a Comment
<< Home