CVE-2006-5444 - Unspecified vulnerability in Digium Asterisk
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.
Vulnerable Configurations
Exploit-Db
description | Asterisk <= 1.0.12 / 1.2.12.1 (chan_skinny) Remote Heap Overflow (PoC). CVE-2006-5444. Dos exploits for multiple platform |
id | EDB-ID:2597 |
last seen | 2016-01-31 |
modified | 2006-10-19 |
published | 2006-10-19 |
reporter | Noam Rathaus |
source | https://www.exploit-db.com/download/2597/ |
title | Asterisk <= 1.0.12 / 1.2.12.1 chan_skinny Remote Heap Overflow PoC |
Nessus
NASL family | Gain a shell remotely |
NASL id | ASTERISK_CHAN_SKINNY_DLEN_OVERFLOW.NASL |
description | The chan_skinny channel driver included in the version of Asterisk running on the remote host does not properly validate the length header in incoming packets. An unauthenticated, remote attacker may be able to leverage this flaw to execute code on the affected host subject to the privileges under which Asterisk runs, generally root. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22878 |
published | 2006-10-19 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22878 |
title | Asterisk Skinny Channel Driver (chan_skinny) get_input Function Remote Overflow |
code |

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(22878);
  script_version("1.23");

  script_cve_id("CVE-2006-5444");
  script_bugtraq_id(20617);

  script_name(english:"Asterisk Skinny Channel Driver (chan_skinny) get_input Function Remote Overflow");
  script_summary(english:"Sends a special packet to Asterisk's chan_skinny channel driver");

  script_set_attribute(attribute:"synopsis", value:
    "A telephony application running on the remote host is affected by a heap overflow vulnerability." );
  script_set_attribute(attribute:"description", value:
    "The chan_skinny channel driver included in the version of Asterisk running on the remote host does not properly validate the length header in incoming packets. An unauthenticated, remote attacker may be able to leverage this flaw to execute code on the affected host subject to the privileges under which Asterisk runs, generally root." );
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/449127/30/0/threaded" );
  # http://web.archive.org/web/20061108144940/http://www.asterisk.org/node/109
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e5f58960" );
  script_set_attribute(attribute:"solution", value:
    "Either disable the chan_skinny channel driver or upgrade to Asterisk 1.2.13 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value: "2006/10/19");
  script_set_attribute(attribute:"vuln_publication_date", value: "2006/10/18");
  script_set_attribute(attribute:"patch_publication_date", value: "2006/10/19");
  script_cvs_date("Date: 2019/03/06 18:38:55");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:digium:asterisk");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gain a shell remotely");
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_dependencies("skinny_detect.nasl");
  script_require_ports("Services/skinny", 2000);

  exit(0);
}

include("byte_func.inc");

port = get_kb_item("Services/skinny");
if (!port) port = 2000;
if (!get_port_state(port)) exit(0);

soc = open_sock_tcp(port);
if (!soc) exit(0);

# Send a weird request; a vulnerable version will respond while
# a patched one will silently drop it.
device = "SEP6E6573737573";
ip = split(compat::this_host(), sep:'.', keep:FALSE);

set_byte_order(BYTE_ORDER_LITTLE_ENDIAN);
req =
  mkdword(0x80000000) +                # message length
  mkdword(0) +                         # reserved
  mkdword(1) +                         # message id (1 => station register)
  device + mkbyte(0) +                 # name
  mkdword(0) +                         # station userid
  mkdword(1) +                         # station instance
  mkbyte(int(ip[0])) +                 # client ip
    mkbyte(int(ip[1])) +
    mkbyte(int(ip[2])) +
    mkbyte(int(ip[3])) +
  mkdword(2) +                         # device type (2 => 12SPplus)
  mkdword(0);                          # max streams
req += crap(1008-strlen(req));
send(socket:soc, data:req);
res = recv(socket:soc, length:1024);
close(soc);

# There's a problem if we get a response.
if (
  strlen(res) > 12 &&
  getdword(blob:res, pos:0) == strlen(res) - 8 &&
  (
    getdword(blob:res, pos:8) == 0x81 ||
    (getdword(blob:res, pos:8) == 0x9d && string("No Authority: ", device) >< res)
  )
) security_hole(port);
```

NASL family | SuSE Local Security Checks |
NASL id | SUSE_ASTERISK-2272.NASL |
description | This update fixes 2 security problem in the PBX software Asterisk. CVE-2006-5444: Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. CVE-2006-5445: A vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk on SUSE Linux 10.1 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27156 |
published | 2007-10-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/27156 |
title | openSUSE 10 Security Update : asterisk (asterisk-2272) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update asterisk-2272.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(27156);
  script_version ("1.12");
  script_cvs_date("Date: 2019/10/25 13:36:28");

  script_cve_id("CVE-2006-5444", "CVE-2006-5445");

  script_name(english:"openSUSE 10 Security Update : asterisk (asterisk-2272)");
  script_summary(english:"Check for the asterisk-2272 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
      "This update fixes 2 security problem in the PBX software Asterisk. CVE-2006-5444: Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. CVE-2006-5445: A vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk on SUSE Linux 10.1 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of 'a real pvt structure' that uses more resources than necessary."
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected asterisk package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:asterisk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/11/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.1", reference:"asterisk-1.2.5-12.8") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "asterisk");
}
```

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1229.NASL |
description | Adam Boileau discovered an integer overflow in the Skinny channel driver in Asterisk, an Open Source Private Branch Exchange or telephone system, as used by Cisco SCCP phones, which allows remote attackers to execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23790 |
published | 2006-12-11 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23790 |
title | Debian DSA-1229-1 : asterisk - integer overflow |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1229. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(23790);
  script_version("1.19");
  script_cvs_date("Date: 2019/08/02 13:32:20");

  script_cve_id("CVE-2006-5444");
  script_bugtraq_id(20617);
  script_xref(name:"CERT", value:"521252");
  script_xref(name:"DSA", value:"1229");

  script_name(english:"Debian DSA-1229-1 : asterisk - integer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
      "Adam Boileau discovered an integer overflow in the Skinny channel driver in Asterisk, an Open Source Private Branch Exchange or telephone system, as used by Cisco SCCP phones, which allows remote attackers to execute arbitrary code."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-1229"
  );
  script_set_attribute(
    attribute:"solution",
    value:
      "Upgrade the asterisk packages. For the stable distribution (sarge) this problem has been fixed in version 1.0.7.dfsg.1-2sarge4."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:asterisk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/12/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/11");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/10/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"3.1", prefix:"asterisk", reference:"1.0.7.dfsg.1-2sarge4")) flag++;
if (deb_check(release:"3.1", prefix:"asterisk-config", reference:"1.0.7.dfsg.1-2sarge4")) flag++;
if (deb_check(release:"3.1", prefix:"asterisk-dev", reference:"1.0.7.dfsg.1-2sarge4")) flag++;
if (deb_check(release:"3.1", prefix:"asterisk-doc", reference:"1.0.7.dfsg.1-2sarge4")) flag++;
if (deb_check(release:"3.1", prefix:"asterisk-gtk-console", reference:"1.0.7.dfsg.1-2sarge4")) flag++;
if (deb_check(release:"3.1", prefix:"asterisk-h323", reference:"1.0.7.dfsg.1-2sarge4")) flag++;
if (deb_check(release:"3.1", prefix:"asterisk-sounds-main", reference:"1.0.7.dfsg.1-2sarge4")) flag++;
if (deb_check(release:"3.1", prefix:"asterisk-web-vmail", reference:"1.0.7.dfsg.1-2sarge4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200610-15.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200610-15 (Asterisk: Multiple vulnerabilities) Asterisk contains buffer overflows in channels/chan_mgcp.c from the MGCP driver and in channels/chan_skinny.c from the Skinny channel driver for Cisco SCCP phones. It also dangerously handles client-controlled variables to determine filenames in the Record() function. Finally, the SIP channel driver in channels/chan_sip.c could use more resources than necessary under unspecified circumstances. Impact : A remote attacker could execute arbitrary code by sending a crafted audit endpoint (AUEP) response, by sending an overly large Skinny packet even before authentication, or by making use of format strings specifiers through the client-controlled variables. An attacker could also cause a Denial of Service by resource consumption through the SIP channel driver. Workaround : There is no known workaround for the format strings vulnerability at this time. You can comment the lines in /etc/asterisk/mgcp.conf, /etc/asterisk/skinny.conf and /etc/asterisk/sip.conf to deactivate the three vulnerable channel drivers. Please note that the MGCP channel driver is disabled by default. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22930 |
published | 2006-10-31 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22930 |
title | GLSA-200610-15 : Asterisk: Multiple vulnerabilities |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200610-15.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(22930);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:43");

  script_cve_id("CVE-2006-4345", "CVE-2006-4346", "CVE-2006-5444", "CVE-2006-5445");
  script_xref(name:"GLSA", value:"200610-15");

  script_name(english:"GLSA-200610-15 : Asterisk: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
      "The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
      "The remote host is affected by the vulnerability described in GLSA-200610-15 (Asterisk: Multiple vulnerabilities) Asterisk contains buffer overflows in channels/chan_mgcp.c from the MGCP driver and in channels/chan_skinny.c from the Skinny channel driver for Cisco SCCP phones. It also dangerously handles client-controlled variables to determine filenames in the Record() function. Finally, the SIP channel driver in channels/chan_sip.c could use more resources than necessary under unspecified circumstances. Impact : A remote attacker could execute arbitrary code by sending a crafted audit endpoint (AUEP) response, by sending an overly large Skinny packet even before authentication, or by making use of format strings specifiers through the client-controlled variables. An attacker could also cause a Denial of Service by resource consumption through the SIP channel driver. Workaround : There is no known workaround for the format strings vulnerability at this time. You can comment the lines in /etc/asterisk/mgcp.conf, /etc/asterisk/skinny.conf and /etc/asterisk/sip.conf to deactivate the three vulnerable channel drivers. Please note that the MGCP channel driver is disabled by default."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200610-15"
  );
  script_set_attribute(
    attribute:"solution",
    value:
      "All Asterisk users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/asterisk-1.2.13'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:asterisk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/10/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/31");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"net-misc/asterisk", unaffected:make_list("ge 1.2.13", "rge 1.0.12"), vulnerable:make_list("lt 1.2.13", "lt 1.0.12"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Asterisk");
}
```

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SA_2006_069.NASL |
description | The remote host is missing the patch for the advisory SUSE-SA:2006:069 (asterisk). Two security problem have been found and fixed in the PBX software Asterisk. CVE-2006-5444: Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) as used by Cisco SCCP phones, allows remote attackers to potentially execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. CVE-2006-5445: A vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk on SUSE Linux 10.1 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of |
last seen | 2019-10-28 |
modified | 2007-02-18 |
plugin id | 24446 |
published | 2007-02-18 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24446 |
title | SUSE-SA:2006:069: asterisk |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:069
#

if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

if(description)
{
  script_id(24446);
  script_version ("1.9");

  name["english"] = "SUSE-SA:2006:069: asterisk";

  script_name(english:name["english"]);

  script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
  script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2006:069 (asterisk). Two security problem have been found and fixed in the PBX software Asterisk. CVE-2006-5444: Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) as used by Cisco SCCP phones, allows remote attackers to potentially execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. CVE-2006-5445: A vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk on SUSE Linux 10.1 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of 'a real pvt structure' that uses more resources than necessary." );
  script_set_attribute(attribute:"solution", value:
    "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html" );
  script_set_attribute(attribute:"risk_factor", value:"High" );

  script_set_attribute(attribute:"plugin_publication_date", value: "2007/02/18");
  script_end_attributes();

  summary["english"] = "Check for the version of the asterisk package";
  script_summary(english:summary["english"]);

  script_category(ACT_GATHER_INFO);

  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  family["english"] = "SuSE Local Security Checks";
  script_family(english:family["english"]);

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/SuSE/rpm-list");
  exit(0);
}

include("rpm.inc");

if ( rpm_check( reference:"asterisk-1.0.9-4.6", release:"SUSE10.0") )
{
  security_hole(0);
  exit(0);
}
if ( rpm_check( reference:"asterisk-1.0.6-4.6", release:"SUSE9.3") )
{
  security_hole(0);
  exit(0);
}
```

References
- http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12
- http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html
- http://secunia.com/advisories/22480
- http://secunia.com/advisories/22651
- http://secunia.com/advisories/22979
- http://secunia.com/advisories/23212
- http://securitytracker.com/id?1017089
- http://www.asterisk.org/node/109
- http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml
- http://www.kb.cert.org/vuls/id/521252
- http://www.novell.com/linux/security/advisories/2006_69_asterisk.html
- http://www.osvdb.org/29972
- http://www.securityfocus.com/archive/1/449127/100/0/threaded
- http://www.securityfocus.com/archive/1/449183/100/0/threaded
- http://www.securityfocus.com/bid/20617
- http://www.us.debian.org/security/2006/dsa-1229
- http://www.vupen.com/english/advisories/2006/4097
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29663