PublicDate: 2006-08-24 20:04:00 UTC
Candidate: CVE-2006-4346
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4346
Description:
 Asterisk 1.2.10 supports the use of client-controlled variables to
 determine filenames in the Record function, which allows remote attackers
 to (1) execute code via format string specifiers or (2) overwrite files via
 directory traversals involving unspecified vectors, as demonstrated by the
 CALLERIDNAME variable.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_asterisk: ignored (reached end-of-life)
edgy_asterisk: released (1.2.12.1.dfsg-1ubuntu1.4)
feisty_asterisk: released (1.2.16~dfsg-1ubuntu3.1)
gutsy_asterisk: released (1.4.11~dfsg-1)
hardy_asterisk: released (1.4.11~dfsg-1)
intrepid_asterisk: released (1.4.11~dfsg-1)
jaunty_asterisk: released (1.4.11~dfsg-1)
karmic_asterisk: released (1.4.11~dfsg-1)
devel_asterisk: released (1.4.11~dfsg-1)
upstream_asterisk: needs-triage