Intrusion Prevention

Asterisk.Voicemail.Unauthorized.Access

Description

Asterisk has an unauthorized-access vulnerability. A remote authenticated attacker could obtain information, including other users' voicemail recordings, via a specially crafted "folder" parameter in a request to "vmail.cgi".

Affected Products

Asterisk version 1.0.9 and prior
Asterisk version 1.2.0-beta1 and prior

Impact

Obtain Information

Recommended Actions

A fix is available via CVS.
http://cvsweb.digium.com/index.cgi/asterisk/

CVE References

CVE-2005-3559