FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-03-29 07:37:46 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
0c39bafc-6771-11e3-868f-0025905a4771	asterisk -- multiple vulnerabilities The Asterisk project reports: A 16 bit SMS message that contains an odd message length value will cause the message decoding loop to run forever. The message buffer is not on the stack but will be overflowed resulting in corrupted memory and an immediate crash. External control protocols, such as the Asterisk Manager Interface, often have the ability to get and set channel variables; this allows the execution of dialplan functions. Dialplan functions within Asterisk are incredibly powerful, which is wonderful for building applications using Asterisk. But during the read or write execution, certain diaplan functions do much more. For example, reading the SHELL() function can execute arbitrary commands on the system Asterisk is running on. Writing to the FILE() function can change any file that Asterisk has write access to. When these functions are executed from an external protocol, that execution could result in a privilege escalation. Discovery 2013-12-16 Entry 2013-12-17 asterisk10 < 10.12.4 asterisk11 < 11.6.1 asterisk18 < 1.8.24.1 CVE-2013-7100 http://downloads.asterisk.org/pub/security/AST-2013-006.pdf http://downloads.asterisk.org/pub/security/AST-2013-007.pdf https://www.asterisk.org/security

VuXML ID

Description

0c39bafc-6771-11e3-868f-0025905a4771

asterisk -- multiple vulnerabilities

The Asterisk project reports:

A 16 bit SMS message that contains an odd message length value will cause the message decoding loop to run forever. The message buffer is not on the stack but will be overflowed resulting in corrupted memory and an immediate crash.

External control protocols, such as the Asterisk Manager Interface, often have the ability to get and set channel variables; this allows the execution of dialplan functions. Dialplan functions within Asterisk are incredibly powerful, which is wonderful for building applications using Asterisk. But during the read or write execution, certain diaplan functions do much more. For example, reading the SHELL() function can execute arbitrary commands on the system Asterisk is running on. Writing to the FILE() function can change any file that Asterisk has write access to. When these functions are executed from an external protocol, that execution could result in a privilege escalation.

Discovery 2013-12-16
Entry 2013-12-17
asterisk10

< 10.12.4

asterisk11

< 11.6.1

asterisk18

< 1.8.24.1

CVE-2013-7100
http://downloads.asterisk.org/pub/security/AST-2013-006.pdf
http://downloads.asterisk.org/pub/security/AST-2013-007.pdf
https://www.asterisk.org/security