CVE-2007-5358 - OpenCVE

Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Digium	Asterisk

Configuration 1 [-]

cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*

References

Link	Resource
http://downloads.digium.com/pub/security/AST-2007-022.html
http://osvdb.org/38201
http://osvdb.org/38202
http://secunia.com/advisories/27184
http://www.securityfocus.com/archive/1/481996/100/0/threaded
http://www.securityfocus.com/bid/26005
http://www.securitytracker.com/id?1018804
http://www.vupen.com/english/advisories/2007/3454
https://exchange.xforce.ibmcloud.com/vulnerabilities/37051
https://exchange.xforce.ibmcloud.com/vulnerabilities/37052

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-12T23:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2007-10-10T00:00:00

Link: CVE-2007-5358

JSON object: View

NVD Information

Status : Modified

Published: 2007-10-12T23:17:00.000

Modified: 2018-10-15T21:43:58.700

Link: CVE-2007-5358

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-10T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://downloads.digium.com/pub/security/AST-2007-022.html"}, {"name": "38201", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/38201"}, {"name": "asterisk-contentheader-bo(37052)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37052"}, {"name": "38202", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/38202"}, {"name": "27184", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27184"}, {"name": "1018804", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018804"}, {"name": "26005", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26005"}, {"name": "asterisk-sprintf-bo(37051)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37051"}, {"name": "20071010 AST-2007-022: Buffer overflows in voicemail when using IMAP storage", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/481996/100/0/threaded"}, {"name": "ADV-2007-3454", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3454"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5358", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://downloads.digium.com/pub/security/AST-2007-022.html", "refsource": "CONFIRM", "url": "http://downloads.digium.com/pub/security/AST-2007-022.html"}, {"name": "38201", "refsource": "OSVDB", "url": "http://osvdb.org/38201"}, {"name": "asterisk-contentheader-bo(37052)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37052"}, {"name": "38202", "refsource": "OSVDB", "url": "http://osvdb.org/38202"}, {"name": "27184", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27184"}, {"name": "1018804", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018804"}, {"name": "26005", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26005"}, {"name": "asterisk-sprintf-bo(37051)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37051"}, {"name": "20071010 AST-2007-022: Buffer overflows in voicemail when using IMAP storage", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/481996/100/0/threaded"}, {"name": "ADV-2007-3454", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3454"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5358", "datePublished": "2007-10-12T23:00:00", "dateReserved": "2007-10-10T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*", "matchCriteriaId": "600A8B6A-B929-455F-AB6C-548712F45A44", "versionEndIncluding": "1.4.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en la funcionalidad de voicemail del Asterisk 1.4.x anterior al 1.4.13, cuando se utiliza el almacenamiento IMAP, puede permitir (1) a atacantes ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una combinaci\u00f3n larga de cabeceras dependientes del tipo (Content-type) y de la descripci\u00f3n (Content-description), o (2) usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una combinaci\u00f3n larga de los campos astspooldir, voicemail context y voicemail mailbox. NOTA: el vector 2 requiere acceso de escritura en los ficheros de configuraci\u00f3n del Asterisk."}], "id": "CVE-2007-5358", "lastModified": "2018-10-15T21:43:58.700", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-12T23:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://downloads.digium.com/pub/security/AST-2007-022.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/38201"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/38202"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27184"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/481996/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26005"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018804"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3454"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37051"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37052"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}