CVE-2007-1595

Sažetak

The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.

Reference

http://bugs.digium.com/view.php?id=9316
http://secunia.com/advisories/24694
http://secunia.com/advisories/25582
http://svn.digium.com/view/asterisk?rev=59073&view=rev
http://www.novell.com/linux/security/advisories/2007_34_asterisk.html
http://www.securityfocus.com/bid/23155
http://www.vupen.com/english/advisories/2007/1123

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

08-03-2011 - 02:52

Objavljeno

22-03-2007 - 23:19