Security Advisory

CVE-2007-5358

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2007-10-12 23:00:00

Last updated 2024-08-07 15:31:57

Assigner mitre

State PUBLISHED

Description

Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files.

← Browse all CVEs View on cve.org ↗