Vulnerability Name: CVE-2006-5444 (CCN-29663)
Assigned: 2006-10-18
Published: 2006-10-18
Updated: 2018-10-17
Summary: Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. Failed exploit attempts will likely crash the server, denying further service to legitimate users. This vulnerability is addressed in the following product releases: Asterisk 1.0.12 or later; Asterisk 1.2.13 or later.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P); 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C); 7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:

| Source | Type | Reference |
|---|---|---|
| CCN | BugTraq Mailing List, Wed Oct 18 2006 - 16:56:02 CDT | Security-Assessment.com Advisory: Asterisk remote heap overflow |
| MITRE | CNA | CVE-2006-5444 |
| CONFIRM | Patch | http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12 |
| CONFIRM | Patch | http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13 |
| FULLDISC | UNKNOWN | 20061018 Asterisk remote heap overflow |
| CCN | SA22480 | Asterisk SCCP Integer Overflow and SIP Denial of Service Vulnerabilities |
| SECUNIA | Patch, Vendor Advisory | 22480 |
| SECUNIA | UNKNOWN | 22651 |
| SECUNIA | UNKNOWN | 22979 |
| SECUNIA | UNKNOWN | 23212 |
| CCN | SECTRACK ID: 1017089 | Asterisk Integer Overflow in Skinny Channel Driver Lets Remote Users Execute Arbitrary Code |
| SECTRACK | Patch | 1017089 |
| CCN | Asterisk Web site | Asterisk \| The Open Source PBX |
| CONFIRM | Patch | http://www.asterisk.org/node/109 |
| DEBIAN | DSA-1229 | asterisk -- integer overflow |
| CCN | GLSA-200610-15 | Asterisk: Multiple vulnerabilities |
| GENTOO | UNKNOWN | GLSA-200610-15 |
| CCN | US-CERT VU#521252 | Integer overflow vulnerability in Asterisk driver for Cisco SCCP-enabled phones |
| CERT-VN | US Government Resource | VU#521252 |
| SUSE | UNKNOWN | SUSE-SA:2006:069 |
| CCN | OpenPKG-SA-2006.024 | Asterisk |
| OSVDB | UNKNOWN | 29972 |
| CCN | OSVDB ID: 29972 | Asterisk Skinny Channel Driver (chan_skinny) get_input Function Remote Overflow |
| BUGTRAQ | UNKNOWN | 20061018 Security-Assessment.com Advisory: Asterisk remote heap overflow |
| OPENPKG | UNKNOWN | OpenPKG-SA-2006.024 |
| BID | Exploit, Patch | 20617 |
| CCN | BID-20617 | Asterisk Chan_Skinny Remote Buffer Overflow Vulnerability |
| DEBIAN | UNKNOWN | DSA-1229 |
| VUPEN | UNKNOWN | ADV-2006-4097 |
| XF | UNKNOWN | asterisk-getinput-bo(29663) |
| XF | UNKNOWN | asterisk-getinput-code-execution(29663) |
| SUSE | SUSE-SA:2006:069 | asterisk remote denial of service problem |
Vulnerable Configuration: Configuration 1
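The mechanism the summary describes, a length field that survives a signed comparison and is then used to size a heap copy, shown as a constructed C illustration added to this record. This is not Asterisk's chan_skinny.c or any code from the advisories above; the 4-byte little-endian length field, the MAX_PAYLOAD size, the sample headers and the function names are assumptions made for the example. The hardened variant is the check a reviewer would expect to see in place of the signed one.

```c
/* Constructed illustration of the CVE-2006-5444 bug class (not Asterisk code).
 * A length field from the wire is checked with a signed comparison, so a
 * negative value is never "too large", yet it becomes an enormous size_t
 * when handed to the routine that fills a fixed-size heap buffer. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAX_PAYLOAD 1000   /* hypothetical size of the heap buffer being filled */

/* Constructed sample headers: a benign 256-byte length and an all-ones length.
 * The 4-byte little-endian length field is an assumption for this example. */
const unsigned char SAMPLE_BENIGN[4]  = { 0x00, 0x01, 0x00, 0x00 };
const unsigned char SAMPLE_ALLONES[4] = { 0xff, 0xff, 0xff, 0xff };

static uint32_t read_len_unsigned(const unsigned char hdr[4])
{
    return (uint32_t)hdr[0] | ((uint32_t)hdr[1] << 8)
         | ((uint32_t)hdr[2] << 16) | ((uint32_t)hdr[3] << 24);
}

/* Read the same field as the signed int a vulnerable driver would use;
 * memcpy reinterprets the bit pattern instead of converting the value. */
static int32_t read_len_signed(const unsigned char hdr[4])
{
    uint32_t u = read_len_unsigned(hdr);
    int32_t s;
    memcpy(&s, &u, sizeof s);
    return s;
}

/* Vulnerable pattern: one signed "too large" test. All-ones reads as -1,
 * -1 is not greater than MAX_PAYLOAD, so the message is accepted. */
int accepts_signed(const unsigned char hdr[4])
{
    int32_t dlen = read_len_signed(hdr);
    if (dlen > MAX_PAYLOAD)
        return 0;
    return 1;
}

/* The count a size_t copy routine would receive after the signed check:
 * the sign bit turns -1 into SIZE_MAX, far past the 1000-byte buffer. */
size_t copy_count_after_signed_check(const unsigned char hdr[4])
{
    return (size_t)read_len_signed(hdr);
}

/* Hardened pattern: keep the field unsigned and bound it on both sides,
 * so neither a negative-looking nor an oversized length reaches the copy. */
int accepts_unsigned(const unsigned char hdr[4])
{
    uint32_t dlen = read_len_unsigned(hdr);
    if (dlen == 0 || dlen > (uint32_t)MAX_PAYLOAD)
        return 0;
    return 1;
}

int main(void)
{
    printf("benign : signed=%d unsigned=%d\n",
           accepts_signed(SAMPLE_BENIGN), accepts_unsigned(SAMPLE_BENIGN));
    printf("allones: signed=%d unsigned=%d copy_count=%zu\n",
           accepts_signed(SAMPLE_ALLONES), accepts_unsigned(SAMPLE_ALLONES),
           copy_count_after_signed_check(SAMPLE_ALLONES));
    return 0;
}
```

The comparison in accepts_signed deliberately uses a signed constant: had MAX_PAYLOAD been an unsigned type, the usual arithmetic conversions would have promoted dlen to unsigned and the oversize test would have caught the value by accident, which is why the hardened version makes the unsigned handling explicit rather than relying on that.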