[VIM] Asterisk / Core-ST discrepancy in vuln severity
Steven M. Christey
coley at mitre.org
Mon Jun 12 19:46:36 EDT 2006
I don't feel like commenting more publicly, but for those who like to
keep track of such things:
BUGTRAQ:20060609 CORE-2006-0330: Asterisk PBX truncated video frame vulnerability
"A vulnerability found in the Asterisk's handling of IAX2 video
frames could lead to remote compromise... The memcpy() at [E] will
receive a pointer to memory outside of the packet read from the
network as second argument and a negative value as third argument
resulting in an exploitable buffer overflow condition"
But the vendor fix (correlated by CORE-ST by mentioning CVE-2006-2898)
"The vulnerability ... can lead to denial of service attacks and
random Asterisk server crashes via a relatively trivial exploit."
So - is there one vuln or two? If two - then we don't know for sure
whether the vendor fixed the Core-ST issue or not. If one - then the
vendor apparently disagrees with a reliable, prominent researcher on
whether an issue is exploitable or not.
More information about the VIM