Re: [Asterisk-Users] Asterisk Security vulnerability report

Wed, 10 Sep 2003 19:42:22 -0700 

"By exploiting this vulnerability, @stake managed to obtain access to the
remote host in question. "

----- Original Message ----- 
From: "Brian West" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 11, 2003 10:16 AM
Subject: Re: [Asterisk-Users] Asterisk Security vulnerability report


> Because as the advisory pointed out it "could" happen.  The likely thing
> to happen would be a segfault.  Then again it should have been pointed out
> instead of silently updated.
>
> bkw
>
> On Wed, 10 Sep 2003, Michael Sandee wrote:
>
> > 'proven'? Why post this bs... read the advisory, clearly shows they made
> > one and tested. Second its trivial to make one, if you see what is wrong
> > in the code.
> >
> > Original advisory should have been posted here at the date of release,
> > or announced by someone, but it wasn't... I guess some people are too
> > busy, can't blame them.
> >
> > Brian West wrote:
> >
> > >Also it wasn't a proven exploit.  They said it "could allow an attacker
to
> > >obtain remote and unauthenticated access".  And if pigs "could" fly I
> > >would be a rich man!
> > >
> > >bkw
> > >
> > >
> > >
> > >
> > >>Read the security vulnerability.  It referenced CVS as of a certain
> > >>date.  If you aren't keeping up with CVS changes, why are you running
> > >>CVS at all?
> > >>
> > >>-Tilghman
> > >>
> > >>_______________________________________________
> > >>Asterisk-Users mailing list
> > >>[EMAIL PROTECTED]
> > >>http://lists.digium.com/mailman/listinfo/asterisk-users
> > >>
> > >>
> > >>
> > >_______________________________________________
> > >Asterisk-Users mailing list
> > >[EMAIL PROTECTED]
> > >http://lists.digium.com/mailman/listinfo/asterisk-users
> > >
> > >
> > >
> > >
> >
> >
> > _______________________________________________
> > Asterisk-Users mailing list
> > [EMAIL PROTECTED]
> > http://lists.digium.com/mailman/listinfo/asterisk-users
> >
> _______________________________________________
> Asterisk-Users mailing list
> [EMAIL PROTECTED]
> http://lists.digium.com/mailman/listinfo/asterisk-users

_______________________________________________
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users

Reply via email to