Launchpad.net

CVE 2008-1333

Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by (1) the ast_verbose logging API call, or (2) the astman_append function.

Related bugs and status

CVE-2008-1333 (Candidate) is related to these bugs:

Bug #210124: [asterisk] several vulnerabilities

		In	Importance	Status
210124	[asterisk] several vulnerabilities	asterisk (Ubuntu)	Undecided	Fix Released
210124	[asterisk] several vulnerabilities	asterisk (Ubuntu Dapper)	Undecided	Won't Fix
210124	[asterisk] several vulnerabilities	asterisk (Ubuntu Edgy)	Undecided	Won't Fix
210124	[asterisk] several vulnerabilities	asterisk (Ubuntu Hardy)	Undecided	Fix Released
210124	[asterisk] several vulnerabilities	asterisk (Ubuntu Feisty)	Undecided	Won't Fix
210124	[asterisk] several vulnerabilities	asterisk (Ubuntu Gutsy)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://downloads.digiu...
CONFIRM: http://www.asterisk.or...
BID: 28311
SECTRACK: 1019630
SECUNIA: 29426
DEBIAN: DSA-1525
SECUNIA: 29456
VUPEN: ADV-2008-0928
XF: asterisk-astverbose-do...
BUGTRAQ: 20080318 AST-2008-004:...