Launchpad.net

CVE 2006-5444

Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.

Related bugs and status

CVE-2006-5444 (Candidate) is related to these bugs:

Bug #66912: Asterisk vulnerabilities in chan_skinny.c and chan_sip.c

		In	Importance	Status
66912	Asterisk vulnerabilities in chan_skinny.c and chan_sip.c	asterisk (Ubuntu)	Undecided	Fix Released
66912	Asterisk vulnerabilities in chan_skinny.c and chan_sip.c	asterisk (Ubuntu Edgy)	Undecided	Fix Released
66912	Asterisk vulnerabilities in chan_skinny.c and chan_sip.c	asterisk (Ubuntu Dapper)	Undecided	Fix Released
66912	Asterisk vulnerabilities in chan_skinny.c and chan_sip.c	asterisk (Ubuntu Breezy)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://ftp.digium.com/...
CONFIRM: http://ftp.digium.com/...
CONFIRM: http://www.asterisk.or...
BID: 20617
SECTRACK: 1017089
SECUNIA: 22480
FULLDISC: 20061018 Asterisk remo...
CERT-VN: VU#521252
GENTOO: GLSA-200610-15
OSVDB: 29972
SECUNIA: 22651
SUSE: SUSE-SA:2006:069
SECUNIA: 22979
DEBIAN: DSA-1229
SECUNIA: 23212
VUPEN: ADV-2006-4097
XF: asterisk-getinput-code...
BUGTRAQ: 20061018 Security-Asse...
OPENPKG: OpenPKG-SA-2006.024