In association with heise online

13 October 2007, 16:19

Security update for Asterisk 1.4

Digium, the developer of the Asterisk telephone system software, has released version 1.4.13, which remedies two vulnerabilities in the voicemail system. In Asterisk, voicemail is processed via IMAP, and according to Digium the code uses the unsafe sprintf function repeatedly. As a result, two buffer overflows can occur.

One buffer overflow can be exploited to crash a system or to inject and execute code on a terminal system. The flaw occurs when the headers for content type and content description collectively contain more than 1024 bytes. The report says that the flaw can only be exploited when users access their voicemail by telephone; access by e-mail is not affected. The update replaces the unsafe function calls with snprintf calls. Only the Open Source version of Asterisk 1.4.x is affected.
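The difference between the two calls, as an added example that is not Asterisk's own code: the function names, the format string and the sample header values are assumptions, and only the 1024-byte size and the sprintf-to-snprintf change come from the report.

```c
#include <stdio.h>
#include <string.h>

#define HDR_BUF 1024  /* size named in the report; the buffer layout is assumed */

/* Unsafe pattern: sprintf writes as many bytes as the inputs need, so two
 * long header values run past the end of a HDR_BUF-sized destination. */
void describe_part_unsafe(char *out, const char *ctype, const char *cdesc)
{
    sprintf(out, "%s; %s", ctype, cdesc);
}

/* Bounded pattern: snprintf writes at most outlen bytes (terminator
 * included) and returns the length the full result would have needed.
 * Returns 0 on success, -1 if the result did not fit or on error. */
int describe_part_safe(char *out, size_t outlen,
                       const char *ctype, const char *cdesc)
{
    int n;

    if (out == NULL || outlen == 0 || ctype == NULL || cdesc == NULL)
        return -1;
    n = snprintf(out, outlen, "%s; %s", ctype, cdesc);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';  /* reject rather than use a silently truncated value */
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[HDR_BUF];
    char long_desc[1100];  /* constructed oversized header value */

    memset(long_desc, 'A', sizeof(long_desc) - 1);
    long_desc[sizeof(long_desc) - 1] = '\0';

    printf("normal:    %d\n",
           describe_part_safe(buf, sizeof buf, "audio/x-wav", "voicemail"));
    printf("oversized: %d\n",
           describe_part_safe(buf, sizeof buf, "audio/x-wav", long_desc));
    return 0;
}
```

Checking the return value matters as much as the bounded call: snprintf alone prevents the overflow, but an unchecked truncated header can still be misparsed later.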
