CVE-2006-5444

Asterisk 1.0.x-1.0.11 and 1.2.x-1.2.12 - Remote Code Execution via Skinny Channel Driver Integer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5444. PoCs published by Noam Rathaus.

AI-analyzed exploit summary This Perl script exploits a memory corruption vulnerability in chan_skippy by sending malformed packets to a TCP port, causing crashes due to double free or segmentation faults. It demonstrates the vulnerability's exploitability by triggering glibc errors.

Description

Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Noam Rathaus · perldosmultiple
https://www.exploit-db.com/exploits/2597

This Perl script exploits a memory corruption vulnerability in chan_skippy by sending malformed packets to a TCP port, causing crashes due to double free or segmentation faults. It demonstrates the vulnerability's exploitability by triggering glibc errors.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: chan_skippy (Asterisk Skinny Channel Driver)
No auth needed
Prerequisites: Network access to the target's TCP port 2000
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (19)

Core 19
Core References
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22480
Third Party Advisory vendor-advisory x_refsource_debian
http://www.us.debian.org/security/2006/dsa-1229
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_69_asterisk.html
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20617
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4097
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22651
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/29972
Third Party Advisory, VDB Entry vendor-advisory x_refsource_openpkg
http://www.securityfocus.com/archive/1/449183/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23212
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29663
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/521252
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017089
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22979
Patch x_refsource_confirm
http://www.asterisk.org/node/109
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/449127/100/0/threaded

Scores

EPSS 0.8484
EPSS Percentile 99.7%

Details

Status published
Products (26)
digium/asterisk 0.1.7
digium/asterisk 0.1.8
digium/asterisk 0.1.9
digium/asterisk 0.1.9.1
digium/asterisk 0.2
digium/asterisk 0.3
digium/asterisk 0.4
digium/asterisk 0.7
digium/asterisk 0.7.1
digium/asterisk 0.7.2
... and 16 more
Published Oct 23, 2006
Tracked Since Feb 18, 2026