説明
SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.
AI分析AIによる分析
影響を受ける製品
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
c.1.0
digiumasterisk
c.1.0
digiumasterisk
c.1.0
digiumasterisk
c.1.0
digiumasterisk
c.1.0
debiandebian_linux
3.1
debiandebian_linux
4.0
参照
- http://downloads.digium.com/pub/security/AST-2007-026.htmlPatchVendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlThird Party Advisory
- http://secunia.com/advisories/27827Third Party Advisory
- http://secunia.com/advisories/27892Third Party Advisory
- http://secunia.com/advisories/29242Third Party Advisory
- http://secunia.com/advisories/29782Third Party Advisory
- http://security.gentoo.org/glsa/glsa-200804-13.xmlThird Party Advisory
- http://securitytracker.com/id?1019020Third Party AdvisoryVDB Entry
- http://www.debian.org/security/2007/dsa-1417Third Party Advisory
- http://www.securityfocus.com/archive/1/484388/100/0/threadedThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/26647Third Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2007/4056Third Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38765Third Party AdvisoryVDB Entry
- http://downloads.digium.com/pub/security/AST-2007-026.htmlPatchVendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlThird Party Advisory
- http://secunia.com/advisories/27827Third Party Advisory
- http://secunia.com/advisories/27892Third Party Advisory
- http://secunia.com/advisories/29242Third Party Advisory
- http://secunia.com/advisories/29782Third Party Advisory
- http://security.gentoo.org/glsa/glsa-200804-13.xmlThird Party Advisory