Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:3075
HistoryMar 21, 2008 - 12:00 a.m.

Asterisk日志函数及管理器远程格式串处理漏洞

2008-03-2100:00:00
Root
www.seebug.org
110

EPSS

0.076

Percentile

94.3%

JSON

BUGTRAQ ID: 28311
CVE(CAN) ID: CVE-2008-1333

Asterisk是开放源码的软件PBX,支持各种VoIP协议和设备。

Asterisk的日志和管理器功能实现上存在漏洞,远程攻击者可能利用此漏洞导致拒绝服务。

使用ast_verbose日志API调用所显示的日志消息没有显示为字符串,而是格式串;管理器命令command结果输出没有作为字符串附加到生成的响应消息中,而是附加为格式串。这两种情况都允许攻击者在输入中提交特意的格式串值导致崩溃。

Asterisk Asterisk 1.6.x
Asterisk

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://downloads.digium.com/pub/telephony/asterisk” target=“_blank”>http://downloads.digium.com/pub/telephony/asterisk</a>

Related

redhatcve 1
debiancve 1
cvelist 1
ubuntucve 1
nvd 1
prion 1
securityvulns 2
cve 1
nessus 1
debian 1
openvas 2
osv 1
redhatcve
redhatcve
CVE-2008-1333
2019-10-04 21:58:05
debiancve
debiancve
CVE-2008-1333
2008-03-20 00:44:00
cvelist
cvelist
CVE-2008-1333
2008-03-20 00:00:00
ubuntucve
ubuntucve
CVE-2008-1333
2008-03-20 00:00:00
nvd
nvd
CVE-2008-1333
2008-03-20 00:44:00
prion
prion
Format string
2008-03-20 00:44:00
securityvulns
securityvulns
AST-2008-004: Format String Vulnerability in Logger and Manager
2008-03-19 00:00:00
Asterisk multiple security vulnerabilities
2008-03-21 00:00:00
cve
cve
CVE-2008-1333
2008-03-20 00:44:00
nessus
nessus
Debian DSA-1525-1 : asterisk - several vulnerabilities
2008-03-21 00:00:00
debian
debian
[SECURITY] [DSA 1525-1] New asterisk packages fix several vulnerabilities
2008-03-20 11:25:39
openvas
openvas
Debian: Security Advisory (DSA-1525-1)
2008-03-27 00:00:00
Debian Security Advisory DSA 1525-1 (asterisk)
2008-03-27 00:00:00
osv
osv
asterisk
2008-03-20 00:00:00

EPSS

0.076

Percentile

94.3%

JSON
Related for SSV:3075
redhatcve1debiancve1cvelist1ubuntucve1nvd1prion1securityvulns2cve1nessus1debian1openvas2osv1