CVE-2006-5444 : Detail

Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.

Metrics

EPSS

EPSS Score

EPSS Percentile

Exploit information

Exploit Database EDB-ID : 2597

Publication date : 2006-10-18 22h00 +00:00
Author : Noam Rathaus
EDB Verified : Yes

Products Mentioned

Configuraton 0

Digium>>Asterisk >> Version 0.1.7

Digium>>Asterisk >> Version 0.1.8

Digium>>Asterisk >> Version 0.1.9

Digium>>Asterisk >> Version 0.1.9.1

Digium>>Asterisk >> Version 0.2

Digium>>Asterisk >> Version 0.3

Digium>>Asterisk >> Version 0.4

Digium>>Asterisk >> Version 0.7

Digium>>Asterisk >> Version 0.7.1

Digium>>Asterisk >> Version 0.7.2

Digium>>Asterisk >> Version 0.9

Digium>>Asterisk >> Version 1.0

Digium>>Asterisk >> Version 1.0.7

Digium>>Asterisk >> Version 1.0.8

Digium>>Asterisk >> Version 1.0.9

Digium>>Asterisk >> Version 1.0.10

Digium>>Asterisk >> Version 1.0.11

Digium>>Asterisk >> Version 1.2.6

Digium>>Asterisk >> Version 1.2.7

Digium>>Asterisk >> Version 1.2.8

Digium>>Asterisk >> Version 1.2.9

Digium>>Asterisk >> Version 1.2.10

Digium>>Asterisk >> Version 1.2.11

Digium>>Asterisk >> Version 1.2.12

Digium>>Asterisk >> Version 1.2_beta1

Digium>>Asterisk >> Version 1.2_beta2

References