CVE-2005-3559 - Unspecified vulnerability in Digium Asterisk
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.
Vulnerable Configurations
Exploit-Db
description | Asterisk 0.x/1.0/1.2 Voicemail Unauthorized Access Vulnerability. CVE-2005-3559. Webapps exploit for cgi platform |
id | EDB-ID:26475 |
last seen | 2016-02-03 |
modified | 2005-11-07 |
published | 2005-11-07 |
reporter | Adam Pointon |
source | https://www.exploit-db.com/download/26475/ |
title | Asterisk 0.x/1.0/1.2 Voicemail Unauthorized Access Vulnerability |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1048.NASL |
description | Several problems have been discovered in Asterisk, an Open Source Private Branch Exchange (telephone control center). The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2005-3559: Adam Pointon discovered that due to missing input sanitising it is possible to retrieve recorded phone messages for a different extension. - CVE-2006-1827: Emmanouel Kellinis discovered an integer signedness error that could trigger a buffer overflow and hence allow the execution of arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22590 |
published | 2006-10-14 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22590 |
title | Debian DSA-1048-1 : asterisk - several vulnerabilities |
References
- http://osvdb.org/20577
- http://secunia.com/advisories/17459
- http://secunia.com/advisories/19872
- http://securitytracker.com/id?1015164
- http://www.assurance.com.au/advisories/200511-asterisk.txt
- http://www.debian.org/security/2006/dsa-1048
- http://www.securityfocus.com/archive/1/415990/30/0/threaded
- http://www.securityfocus.com/bid/15336
- http://www.vupen.com/english/advisories/2005/2346
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23002