Asterisk IMAP-Specific Voicemail Multiple Buffer Overflow Vulnerabilities

Bugtraq ID:	26005
Class:	Boundary Condition Error
CVE:	CVE-2007-5358
Remote:	Yes
Local:	No
Published:	Oct 10 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	Russell Bryant and Mark Michelson are credited with the discovery of these issues.
Vulnerable:	Asterisk Asterisk 1.4.12 Asterisk Asterisk 1.4.11 Asterisk Asterisk 1.4.10 Asterisk Asterisk 1.4.9 Asterisk Asterisk 1.4.8 Asterisk Asterisk 1.4.7 Asterisk Asterisk 1.4.6 Asterisk Asterisk 1.4.5 Asterisk Asterisk 1.4.4 Asterisk Asterisk 1.4.3 Asterisk Asterisk 1.4.2 Asterisk Asterisk 1.4.1 Asterisk Asterisk 1.4 Beta
Not Vulnerable:	Asterisk Asterisk 1.4.13

Asterisk IMAP-Specific Voicemail Multiple Buffer Overflow Vulnerabilities

Asterisk is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.

Successful exploits may allow an attacker to execute arbitrary machine code to compromise an affected computer or to cause denial-of-service conditions.

Versions prior to Asterisk Open Source 1.4.13 are vulnerable.

Asterisk IMAP-Specific Voicemail Multiple Buffer Overflow Vulnerabilities

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Asterisk IMAP-Specific Voicemail Multiple Buffer Overflow Vulnerabilities

Solution:
The vendor has released updates to address these issues. Please see the references for more information.

Asterisk IMAP-Specific Voicemail Multiple Buffer Overflow Vulnerabilities

References:

• Asterisk Homepage (Asterisk)
  
• AST-2007-022: Buffer overflows in voicemailwhen using IMAP storage (Asterisk Development Team)
  
• Asterisk Project Security Advisory - AST-2007-022 (Asterisk)