Package: asterisk
Version: 1.0.7.dfsg.1-2sarge3
Severity: Critical
Tags: Security
Asterisk 1.0 and 1.2 versions up to and including 1.2.12.1 and 1.0.11 are
vulnerable to a remote, unauthenticated heap overflow leading to arbitrary
code execution as root.
New upstream releases 1.0.12 and 1.2.13 provide patches for this problem.
No public exploit is currently known, but private proof-of-concept took
less than a day.
More information is available in the security advisory from
Security-Assessment, at http://www.security-assessment.com, or
http://www.storm.net.nz/projects/18
---
Adam Boileau / Metlstorm