Advisories

Asterisk Manager Interface Overflow

Researcher: Wade Alcorn
Date: 22/06/2005
There is a programming error in the function that parses commands in the Asterisk system. This is used by the manager interface if the user is allowed to submit CLI commands. The coding error can result in the overflow of one of the parameters of the calling function. That is, the command parsing function will return without error. However, the calling function will cause a segmentation fault.

If the command string is specifically crafted, is it possible to use this stack overflow to execute arbitrary code on the Asterisk system. The resulting execution is (typically) run with root privileges.

A command consisting of a recurring string of two double quotes followed by a tab character will induce the segmentation fault within a Call Manager thread.

Konqueror DoS Via JavaScript Read Of FTP Iframe

Researcher: Mark
Date: 04/03/07

The Konqueror web browser will crash if JavaScript tries to read certain types of iframes.