PublicDate: 2008-03-20 00:44:00 UTC
Candidate: CVE-2008-1333
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1333
Description:
 Format string vulnerability in Asterisk Open Source 1.6.x before
 1.6.0-beta6 might allow remote attackers to execute arbitrary code via
 logging messages that are not properly handled by (1) the ast_verbose
 logging API call, or (2) the astman_append function.
Ubuntu-Description:
Notes:
 jdstrand> 1.2 and 1.4 not exploitable, but need fix (per Debian)
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 


Patches_asterisk:
upstream_asterisk: needs-triage
dapper_asterisk: ignored (reached end-of-life)
edgy_asterisk: needed (reached end-of-life)
feisty_asterisk: needed (reached end-of-life)
gutsy_asterisk: needed (reached end-of-life)
hardy_asterisk: released (1:1.4.17~dfsg-2ubuntu1)
intrepid_asterisk: released (1:1.4.17~dfsg-2ubuntu1)
jaunty_asterisk: released (1:1.4.17~dfsg-2ubuntu1)
karmic_asterisk: released (1:1.4.17~dfsg-2ubuntu1)
devel_asterisk: released (1:1.4.17~dfsg-2ubuntu1)