| Field | Value |
|---|---|
| Vulnerability Name | CVE-2006-4346 (CCN-28544) |
| Assigned | 2006-08-23 |
| Published | 2006-08-23 |
| Updated | 2018-10-17 |
| Summary | Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable. |
| CVSS v3 Severity | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) |
| CVSS v2 Severity (Base) | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) |
| CVSS v2 Severity (Temporal) | 6.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:C) |
| CVSS v2 Severity (CCN Temporal) | 4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:C) |
| Vulnerability Type | CWE-Other |
| Vulnerability Consequences | Gain Access |
| Vulnerable Configuration | Configuration 1: Denotes that component is vulnerable |

References:

- Source: CCN, Type: BugTraq Mailing List, Fri Aug 25 2006 - 04:14:13 CDT: Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)
- Source: MITRE, Type: CNA: CVE-2006-4346
- Source: CCN, Type: MU-200608-01: Multiple Vulnerabilities in Asterisk 1.2.10
- Source: MISC, Type: Patch, Vendor Advisory: http://labs.musecurity.com/advisories/MU-200608-01.txt
- Source: SECUNIA, Type: UNKNOWN: 22651
- Source: CCN, Type: SECTRACK ID: 1016742: Asterisk Stack Overflow in MGCP Implementation Lets Remote Users Execute Arbitrary Code
- Source: SECTRACK, Type: Patch: 1016742
- Source: CCN, Type: Asterisk Web site: Asterisk | The Open Source PBX
- Source: CCN, Type: GLSA-200610-15: Asterisk: Multiple vulnerabilities
- Source: GENTOO, Type: UNKNOWN: GLSA-200610-15
- Source: BUGTRAQ, Type: UNKNOWN: 20060825 Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)
- Source: BID, Type: Patch: 19683
- Source: CCN, Type: BID-19683: Asterisk Multiple Remote Vulnerabilities
- Source: CONFIRM, Type: UNKNOWN: http://www.sineapps.com/news.php?rssid=1448
- Source: VUPEN, Type: UNKNOWN: ADV-2006-3372
- Source: XF, Type: UNKNOWN: asterisk-record-format-string(28544)
- Source: XF, Type: UNKNOWN: asterisk-record-code-execution(28544)
- Source: XF, Type: UNKNOWN: asterisk-record-directory-traversal(28564)

| Field | Value |
|---|---|
| Vulnerability Name | CVE-2006-4346 (CCN-28564) |
| Assigned | 2006-08-23 |
| Published | 2006-08-23 |
| Updated | 2006-08-23 |
| Summary | Asterisk could allow a remote attacker to traverse directories on the system, caused by improper handling of file names by the Record() function. By using a client-controlled variable as part of a file name, an administrator could use directory traversal techniques and overwrite arbitrary files on the system. |
| CVSS v3 Severity | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N) |
| CVSS v2 Severity (Base) | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) |
| CVSS v2 Severity (Temporal) | 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C) |
| CVSS v2 Severity (CCN Temporal) | 3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C) |
| Vulnerability Consequences | File Manipulation |

References:

- Source: CCN, Type: BugTraq Mailing List, Fri Aug 25 2006 - 04:14:13 CDT: Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)
- Source: MITRE, Type: CNA: CVE-2006-4346
- Source: CCN, Type: MU-200608-01: Multiple Vulnerabilities in Asterisk 1.2.10
- Source: CCN, Type: SECTRACK ID: 1016742: Asterisk Stack Overflow in MGCP Implementation Lets Remote Users Execute Arbitrary Code
- Source: CCN, Type: Asterisk Web site: Asterisk | The Open Source PBX
- Source: CCN, Type: GLSA-200610-15: Asterisk: Multiple vulnerabilities
- Source: CCN, Type: BID-19683: Asterisk Multiple Remote Vulnerabilities
- Source: XF, Type: UNKNOWN: asterisk-record-directory-traversal(28564)