CVE

Id
20450  
CVE No.
CVE-2006-4346  
Status
Candidate  
Description
Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable.  
Phase
Assigned (20060824)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
191672 20450 CVE-2006-4346 BUGTRAQ:20060825 Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)  View
191673 20450 CVE-2006-4346 URL:http://www.securityfocus.com/archive/1/archive/1/444322/100/0/threaded  View
191674 20450 CVE-2006-4346 MISC:http://labs.musecurity.com/advisories/MU-200608-01.txt  View
191675 20450 CVE-2006-4346 CONFIRM:http://www.sineapps.com/news.php?rssid=1448  View
191676 20450 CVE-2006-4346 GENTOO:GLSA-200610-15  View
191677 20450 CVE-2006-4346 URL:http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml  View
191678 20450 CVE-2006-4346 BID:19683  View
191679 20450 CVE-2006-4346 URL:http://www.securityfocus.com/bid/19683  View
191680 20450 CVE-2006-4346 VUPEN:ADV-2006-3372  View
191681 20450 CVE-2006-4346 URL:http://www.vupen.com/english/advisories/2006/3372  View
191682 20450 CVE-2006-4346 SECTRACK:1016742  View
191683 20450 CVE-2006-4346 URL:http://securitytracker.com/id?1016742  View
191684 20450 CVE-2006-4346 SECUNIA:22651  View
191685 20450 CVE-2006-4346 URL:http://secunia.com/advisories/22651  View
191686 20450 CVE-2006-4346 XF:asterisk-record-code-execution(28544)  View
191687 20450 CVE-2006-4346 URL:http://xforce.iss.net/xforce/xfdb/28544  View
191688 20450 CVE-2006-4346 XF:asterisk-record-directory-traversal(28564)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
59733 JVNDB-2006-001999 Mambo の kochsuite コンポーネントにおける PHP リモートファイルインクルージョンの脆弱性 Mambo および Joomla! の Kochsuite (com_kochsuite) コンポーネントの config.kochsuite.php には、PHP リモートファイルインクルージョンの脆弱性が存在します。 CVE-2006-4348 20450 7.5 http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-001999.html  View