Security

New release of Asterisk addresses vulnerabilities in voice mail module

Digium, the developer of Asterisk, has released a new version of the telephone system software that remedies two vulnerabilities in the voice mail system which could lead to a DoS (Denial of Service) or a remote compromise.

Digium, the developer of Asterisk, has released a new version of the telephone system software, which remedies two vulnerabilities in the voice mail system that could lead to a denial-of-service attack or a remote compromise.

According to Secunia:

The vulnerability is caused due to a boundary error within the IMAP-specific code for processing voice mail messages. This can be exploited to cause a buffer overflow via a specially crafted voice mail message sent as e-mail containing an overly long (more than 1,024 characters) combination of Content-Type or Content-Description headers.

A successful exploitation requires the user to listen to the voice mail message via a phone. Users retrieving their voice mail via e-mail are not affected. The above vulnerability is reported in 1.4.x versions and is fixed in the 1.4.13 update.

You can read more from the original Digium Security Advisory.
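For administrators who cannot upgrade immediately, the following is an added example (not code from Digium, Secunia or this article) that checks stored voice mail e-mails for the condition Secunia describes. It assumes the 1,024-character threshold applies to the summed, unfolded Content-Type and Content-Description values of each MIME part; the function names and the sample messages are constructed for illustration.

```python
from email import message_from_bytes
from email.policy import compat32

LIMIT = 1024  # threshold quoted in the Secunia description
HEADERS = ("Content-Type", "Content-Description")


def combined_header_length(part):
    """Sum the unfolded lengths of all Content-Type/Content-Description values."""
    total = 0
    for name in HEADERS:
        for value in part.get_all(name, []):
            # Unfold continuation lines so header folding cannot hide the length.
            total += len("".join(str(value).splitlines()))
    return total


def oversized_parts(raw_message):
    """Return (part_index, combined_length) for every MIME part over LIMIT."""
    msg = message_from_bytes(raw_message, policy=compat32)
    hits = []
    for index, part in enumerate(msg.walk()):  # index 0 is the top-level message
        length = combined_header_length(part)
        if length > LIMIT:
            hits.append((index, length))
    return hits


def _sample(description):
    """Build a constructed voice mail e-mail with the given description value."""
    return (
        b"From: pbx@example.invalid\r\n"
        b"Subject: New voicemail\r\n"
        b"MIME-Version: 1.0\r\n"
        b'Content-Type: multipart/mixed; boundary="b1"\r\n'
        b"\r\n"
        b"--b1\r\n"
        b'Content-Type: audio/x-wav; name="msg0001.wav"\r\n'
        b"Content-Description: " + description + b"\r\n"
        b"\r\n"
        b"RIFF\r\n"
        b"--b1--\r\n"
    )


NORMAL = _sample(b"Voicemail sound attachment.")  # constructed, benign
OVERSIZED = _sample(b"A" * 1100)                  # constructed, over the limit

if __name__ == "__main__":
    for label, raw in (("normal", NORMAL), ("oversized", OVERSIZED)):
        print(label, oversized_parts(raw))
```

Run it over each message in the voice mail IMAP folder and quarantine any message that returns a non-empty list before it is played back by phone.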

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.
