Vulnerabilities > CVE-2006-1827 - Integer Overflow vulnerability in Asterisk JPEG File Handling
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length.
Vulnerable Configurations
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1048.NASL description Several problems have been discovered in Asterisk, an Open Source Private Branch Exchange (telephone control center). The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-3559 Adam Pointon discovered that due to missing input sanitising it is possible to retrieve recorded phone messages for a different extension. - CVE-2006-1827 Emmanouel Kellinis discovered an integer signedness error that could trigger a buffer overflow and hence allow the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 22590 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22590 title Debian DSA-1048-1 : asterisk - several vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_8B683BEAD49C11DAA672000E0C2E438A.NASL description Emmanouel Kellenis reports a denial of service vulnerability within asterisk. The vulnerability is caused by a buffer overflow in last seen 2020-06-01 modified 2020-06-02 plugin id 21468 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21468 title FreeBSD : asterisk -- denial of service vulnerability, local system access (8b683bea-d49c-11da-a672-000e0c2e438a)
References
- http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz
- http://secunia.com/advisories/19800
- http://secunia.com/advisories/19872
- http://secunia.com/advisories/19897
- http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory
- http://www.debian.org/security/2006/dsa-1048
- http://www.novell.com/linux/security/advisories/2006_04_28.html
- http://www.securityfocus.com/bid/17561
- http://www.vupen.com/english/advisories/2006/1478