OSVDB ID: 20577

Title: Asterisk vmail.cgi folder Variable Traversal Arbitrary .wav File Access

Info

Dates

Disclosure: Nov 07, 2005
Discovery: Oct 17, 2005
Exploit: Nov 07, 2005
Solution: Unknown

Description

Asterisk contains a flaw that allows an authenticated user to access other users' voicemail .wav files. The issue is due to vmail.cgi not properly sanitizing user input, specifically directory traversal sequences (../../) supplied via the "folder" variable.
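The following is an added illustration of the defect class described above and of the check that closes it; it is not Asterisk's own vmail.cgi code. The spool layout, folder names and the msgNNNN.wav naming are assumptions made for the example.

```python
import posixpath

# Constructed for this example; the real spool layout is assumed, not taken from the entry.
SPOOL_ROOT = "/var/spool/asterisk/voicemail"
ALLOWED_FOLDERS = frozenset({"INBOX", "Old", "Work", "Family", "Friends"})


def mailbox_dir(context: str, mailbox: str) -> str:
    """Directory that holds one subscriber's voicemail folders."""
    return posixpath.normpath(posixpath.join(SPOOL_ROOT, context, mailbox))


def naive_wav_path(context: str, mailbox: str, folder: str, msg: str) -> str:
    """Unvalidated join, the pattern the entry describes: 'folder' is trusted as-is."""
    base = mailbox_dir(context, mailbox)
    return posixpath.normpath(posixpath.join(base, folder, "msg%04d.wav" % int(msg)))


def escapes_mailbox(context: str, mailbox: str, folder: str, msg: str) -> bool:
    """Detection check: does the resolved path leave the caller's own mailbox directory?"""
    base = mailbox_dir(context, mailbox)
    path = naive_wav_path(context, mailbox, folder, msg)
    return posixpath.commonpath([base, path]) != base


def safe_wav_path(context: str, mailbox: str, folder: str, msg: str) -> str:
    """Hardened form: allow-list the folder, constrain the other fields, re-check containment."""
    if folder not in ALLOWED_FOLDERS:
        raise ValueError("folder not in allow-list: %r" % folder)
    if not (context.isalnum() and mailbox.isdigit() and msg.isdigit()):
        raise ValueError("context, mailbox and message id must be alphanumeric")
    base = mailbox_dir(context, mailbox)
    path = posixpath.normpath(posixpath.join(base, folder, "msg%04d.wav" % int(msg)))
    # Defense in depth: even after the allow-list, the resolved path must stay under the mailbox.
    if posixpath.commonpath([base, path]) != base:
        raise ValueError("resolved path escapes the mailbox directory")
    return path


def is_accepted(context: str, mailbox: str, folder: str, msg: str) -> bool:
    """True if the hardened resolver accepts the request, False if it rejects it."""
    try:
        safe_wav_path(context, mailbox, folder, msg)
        return True
    except ValueError:
        return False
```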

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 1.2.0-rc2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Asterisk
  Asterisk 1.0.9, 1.2.0-beta1
  Asterisk@Home 1.5, 2.0-beta4

Credit

  • Adam Pointon - adam.pointonassurance.com.au - Assurance.com.au


Direct URL: http://osvdb.org/20577