CVE-2006-1827

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-1827
Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length.

6.4 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz Patch
http://secunia.com/advisories/19800
http://secunia.com/advisories/19872
http://secunia.com/advisories/19897
http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory Exploit Patch
http://www.debian.org/security/2006/dsa-1048
http://www.novell.com/linux/security/advisories/2006_04_28.html
http://www.securityfocus.com/bid/17561
http://www.vupen.com/english/advisories/2006/1478
http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz Patch
http://secunia.com/advisories/19800
http://secunia.com/advisories/19872
http://secunia.com/advisories/19897
http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory Exploit Patch
http://www.debian.org/security/2006/dsa-1048
http://www.novell.com/linux/security/advisories/2006_04_28.html
http://www.securityfocus.com/bid/17561
http://www.vupen.com/english/advisories/2006/1478
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.1.3:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.1.4:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.1.5:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.1.6:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.1.7:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.1.8:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.1.9:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.1.10:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.1.11:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.1.12:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.3:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.4:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.0_rc1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.0_rc2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.0_beta1:*:*:*:*:*:*:*
History

21 Nov 2024, 00:09

Type Values Removed Values Added
References () http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz - Patch () http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz - Patch
References () http://secunia.com/advisories/19800 - () http://secunia.com/advisories/19800 -
References () http://secunia.com/advisories/19872 - () http://secunia.com/advisories/19872 -
References () http://secunia.com/advisories/19897 - () http://secunia.com/advisories/19897 -
References () http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory - Exploit, Patch () http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory - Exploit, Patch
References () http://www.debian.org/security/2006/dsa-1048 - () http://www.debian.org/security/2006/dsa-1048 -
References () http://www.novell.com/linux/security/advisories/2006_04_28.html - () http://www.novell.com/linux/security/advisories/2006_04_28.html -
References () http://www.securityfocus.com/bid/17561 - () http://www.securityfocus.com/bid/17561 -
References () http://www.vupen.com/english/advisories/2006/1478 - () http://www.vupen.com/english/advisories/2006/1478 -
Information

Published : 2006-04-18 20:02

Updated : 2024-11-21 00:09

NVD link : CVE-2006-1827

Mitre link : CVE-2006-1827

CVE.ORG link : CVE-2006-1827

JSON object : View

Products Affected

digium

  • asterisk
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024