Description
Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by (1) the ast_verbose logging API call, or (2) the astman_append function.
References (10)
Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41301
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/489823/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1019630
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28311
Patch x_refsource_confirm
http://downloads.digium.com/pub/security/AST-2008-004.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2008/dsa-1525
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29426
Various Sources x_refsource_confirm
http://www.asterisk.org/node/48466
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0928
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29456
Scores
EPSS
0.0322
EPSS Percentile
86.6%
Details
CWE
CWE-134
Status
published
Products (5)
asterisk/open_source
1.6.0_beta1
asterisk/open_source
1.6.0_beta2
asterisk/open_source
1.6.0_beta3
asterisk/open_source
1.6.0_beta4
asterisk/open_source
1.6.0_beta5
Published
Mar 20, 2008
Tracked Since
Feb 18, 2026