Vulnerability Description
Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Digium | Asterisk | <= 1.4.12 |
Related Weaknesses (CWE)
References
- http://downloads.digium.com/pub/security/AST-2007-022.html
- http://osvdb.org/38201
- http://osvdb.org/38202
- http://secunia.com/advisories/27184
- http://www.securityfocus.com/archive/1/481996/100/0/threaded
- http://www.securityfocus.com/bid/26005
- http://www.securitytracker.com/id?1018804
- http://www.vupen.com/english/advisories/2007/3454
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37051
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37052
- http://downloads.digium.com/pub/security/AST-2007-022.html
- http://osvdb.org/38201
- http://osvdb.org/38202
- http://secunia.com/advisories/27184
- http://www.securityfocus.com/archive/1/481996/100/0/threaded
FAQ
What is CVE-2007-5358?
CVE-2007-5358 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of ...
How severe is CVE-2007-5358?
CVE-2007-5358 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5358?
Check the references section above for vendor advisories and patch information. Affected products include: Digium Asterisk.