[Bug 956581] Re: Stack Buffer Overflow in HTTP Manager
Paul Belanger
956581 at bugs.launchpad.net
Fri Mar 16 02:18:46 UTC 2012
** Patch added: "asterisk_1.8.4.4~dfsg.diff"
https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/956581/+attachment/2878874/+files/asterisk_1.8.4.4%7Edfsg.diff
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/956581
Title:
Stack Buffer Overflow in HTTP Manager
Status in “asterisk” package in Ubuntu:
Confirmed
Bug description:
An attacker attempting to connect to an HTTP session of the Asterisk
Manager Interface can send an arbitrarily long string value for HTTP
Digest Authentication. This causes a stack buffer overflow, with the
possibility of remote code injection.
http://downloads.asterisk.org/pub/security/AST-2012-003.html
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/956581/+subscriptions
More information about the Ubuntu-sponsors
mailing list