Bug#394025: marked as done (CVE-2006-5444: Remote compromise in chan_skinny)

2007-02-17 Thread Debian Bug Tracking System
Your message dated Sat, 17 Feb 2007 12:09:53 + with message-id <[EMAIL PROTECTED]> and subject line Bug#394025: fixed in asterisk 1:1.0.7.dfsg.1-2sarge4 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is n

Bug#394025: CVE-2006-5444: Remote compromise in chan_skinny

2006-11-25 Thread Ben Hutchings
Enough stalling. Here's a debdiff for a sarge security update. I have tested that the warning message is certainly triggered by the bogus length values Adam found. I *think* the bug may only be exploitable on 64-bit systems, as read() calls seem to fail immediately where the length would result

Bug#394025:

2006-11-05 Thread Brandon Kruse
This bug has been resolved and is only active if you load chan_skinny by default this does NOT affect asterisk business edition If you dont want to mess around with the modules.conf and no load update to 1.2.13 all the "security fixes" are applied on that release. -- To UNSUBSCRIBE, ema

Bug#394025: marked as done (Remote compromise)

2006-10-25 Thread Debian Bug Tracking System
Your message dated Tue, 24 Oct 2006 23:32:19 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#394025: fixed in asterisk 1:1.2.13~dfsg-1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the c

Bug#394025: Remote compromise

2006-10-22 Thread Ben Hutchings
The submitter sent me private mail, telling me: - a little more explanation of how this can be exploited - that this is exploitable in a stock installation in sarge - that read() can overwrite part of the buffer before returning EFAULT - that company policy forbids him from providing a working expl

Bug#394025: my patch

2006-10-21 Thread Ben Hutchings
Upstream confirmed that the ast_mutex_unlock() is bogus. Ben. -- Ben Hutchings -- [EMAIL PROTECTED] shortened to [EMAIL PROTECTED] If you've signed my GPG key, please send a signature on and to the new uid. In a hierarchy, every employee tends to rise to his level of incompetence. signature.as

Bug#394025: Remote compromise

2006-10-20 Thread Ben Hutchings
forwarded 394025 http://bugs.digium.com/view.php?id=7770 tags 394025 + patch thanks I'm adding a reference to the upstream bug report in case you really want to read further details of this clusterfuck. The upstream change is simply: --- asterisk-1.2.12.1/channels/chan_skinny.c +++ asterisk-1.2.

Bug#394025: Remote compromise

2006-10-18 Thread Metlstorm
Package: asterisk Version: 1.0.7.dfsg.1-2sarge3 Severity: Critical Tags: Security Asterisk 1.0 and 1.2 versions up to and including 1.2.12.1 and 1.0.11 are vulnerable to a remote, unauthenticated heap overflow leading to arbitrary code execution as root. New upstream releases 1.0.12 and 1.2.