www.storm.net.nz
www.storm.net.nz |
|
| [ / ] [ Metlstorm ] [ Projects ] [ ice.storm.net.nz ] [ \m/ ] |
| Projects | |||||
| [ Security: SSH 'Jack Hai2IVR MAFL-Load Firewire, DMA & Windows Asterisk Remote Root Metl-o-UnNetCrypt ] [ Wireless: Metl Kismet GPS Plotter - Google Earth Edition Metl War Tri Pod Metl Kismet Client Metlstorms Kismet GPS Plott0r Metl Helix Wireless Grapher Metl Network Recon Visualizer ] [ Home: Rotoseat Noise Weblstorm Viewtron CharGrill ] [ Abandonware: Obscured By Clouds ] | |||||
|
|
|||||
| Asterisk Remote Root | |||||
| While reading the source to Asterisk one exciting weekend, I spotted an integer overflow, which lead to a heap overflow, which lead to a remote root shell. Oh dear. Asterisk released new versions 1.0.12 and 1.2.13 to address this on 19th October 2006. I released a coordinated advisory to match. Naw, I'm not gonna release the sploit code; sure I like the rootshell poppin out just as much as the next dude, but no. | Last Update: | 2006-12-18 23:34:50 | |||
| State: | Finished | ||||
| Distribution: | Public | ||||
| Tags: |
Security |
||||
| Images: | |||||
|
|||||
| Releases: | |||||
|
asterisk-remote-heap-overflow.txt (5kB) Ver: 19th Oct 2006
Public adivisory as spammed to bugtraq and fulldisclosure. |
|||||
|
|
|||||