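Vulnerability Details
Asterisk res_config_pgsql SQL Injection Vulnerability
- CNNVD ID: CNNVD-200711-423
- Severity: High
- CVE ID: CVE-2007-6171
- Vulnerability type: SQL injection
- Published: 2007-11-29
- Threat type: Remote
- Updated: 2007-11-30
- Vendor: digium
- Vulnerability source: P. Chisteas is cre...
Vulnerability Summary
An SQL injection vulnerability exists in the Postgres Realtime Engine (res_config_pgsql) in Asterisk. Remote attackers can execute arbitrary SQL commands via unspecified vectors.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes this security issue. Patch download links: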
Asterisk Asterisk 1.4.1
Asterisk asterisk-1.4.15.tar.gz
http://www.digium.com/elqNow/elqRedir.htm?ref=
http://downloads.digium.com/pub/asterisk/releases/asterisk-1.4.15.tar.gz
The same asterisk-1.4.15.tar.gz download is listed for Asterisk 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.10, 1.4.11, 1.4.12, 1.4.13 and 1.4.14.
References
Source: downloads.digium.com
Link: http://downloads.digium.com/pub/security/AST-2007-025.HTML
Source: XF
Name: asterisk-resconfigpgsql-sql-injection(38766)
Link: http://xforce.iss.net/xforce/xfdb/38766
Source: BID
Name: 26645
Link: http://www.securityfocus.com/bid/26645
Source: BUGTRAQ
Name: 20071129 AST-2007-025 - SQL Injection issue in res_config_pgsql
Link: http://www.securityfocus.com/archive/1/archive/1/484387/100/0/threaded
Source: VUPEN
Name: ADV-2007-4055
Link: http://www.frsirt.com/english/advisories/2007/4055
Source: SECTRACK
Name: 1019021
Link: http://securitytracker.com/id?1019021
Source: SECUNIA
Name: 27873
Link: http://secunia.com/advisories/27873
Source: OSVDB
Name: 38933
Link: http://osvdb.org/38933
Affected Entities
- Digium Asterisk:1.4.14
- Digium Asterisk:C.1.0_beta5
- Digium Asterisk:C.1.0:Beta5:~~Business~~~
- Digium Asterisk:C.1.0:Beta4:~~Business~~~
- Digium Asterisk:C.1.0:Beta3:~~Business~~~
Patches
None available