Fixing a potential buffer overflow in the manager command ModuleCheck.
authorMark Michelson <mmichelson@digium.com>
Thu, 13 Mar 2008 20:59:00 +0000 (20:59 +0000)
committerMark Michelson <mmichelson@digium.com>
Thu, 13 Mar 2008 20:59:00 +0000 (20:59 +0000)
commitd236e3d1b1b38a2a900e995db88afd31567a63c6
tree60257f7a19cff5ab37a1a484250e67d097223f23
parent5aba7c1cbe075e0f1c5090e6a7686dcbff125cf3
Fixing a potential buffer overflow in the manager command ModuleCheck.

Though this overflow is exploitable remotely, we are NOT issuing a security
advisory for this since in order to exploit the overflow, the attacker would
have to establish an authenticated manager session AND have the system privilege.
By gaining this privilege, the attacker already has more powerful weapons at his
disposal than overflowing a buffer with a malformed manager header, so the vulnerability
in this case really lies with the authentication method that allowed the attacker to
gain the system privilege in the first place.

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@108529 65c4cc65-6c06-0410-ace0-fbb531ad65f3
main/manager.c