[Bug 956581] Re: Stack Buffer Overflow in HTTP Manager

Jamie Strandboge jamie at ubuntu.com
Mon Mar 26 11:52:48 UTC 2012


Unsubscribing ubuntu-security-sponsors for now. Please resubscribe once
there is something to review. Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/956581

Title:
  Stack Buffer Overflow in HTTP Manager

Status in “asterisk” package in Ubuntu:
  Incomplete

Bug description:
  An attacker attempting to connect to an HTTP session of the Asterisk
  Manager Interface can send an arbitrarily long string value for HTTP
  Digest Authentication. This causes a stack buffer overflow, with the
  possibility of remote code injection.

  http://downloads.asterisk.org/pub/security/AST-2012-003.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/956581/+subscriptions



More information about the Ubuntu-sponsors mailing list