CVE-2006-4346 - Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record

CVE-2006-4346

Summary

Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable.

References

Vulnerable Configurations

cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 17-10-2018 - 21:36)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	19683
bugtraq	20060825 Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)
confirm	http://www.sineapps.com/news.php?rssid=1448
gentoo	GLSA-200610-15
misc	http://labs.musecurity.com/advisories/MU-200608-01.txt
sectrack	1016742
secunia	22651
vupen	ADV-2006-3372
xf	asterisk-record-code-execution(28544) asterisk-record-directory-traversal(28564)

Last major update

17-10-2018 - 21:36

Published

24-08-2006 - 20:04

Last modified

17-10-2018 - 21:36