Debian Asterisk vulnerabilities

204 known vulnerabilities affecting debian/asterisk.

Total CVEs: 204
CISA KEV: 0
Public exploits: 18
Exploited in wild: 0
Severity breakdown: CRITICAL 17, HIGH 46, MEDIUM 93, LOW 46

Vulnerabilities

Page 11 of 11
CVE-2005-3559 | MEDIUM | CVSS 5.0 | PoC | fixed in asterisk 1:1.2.7.1.dfsg-2 (bullseye) | 2005
CVE-2005-3559 [MEDIUM]: Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.
Scope: local
bullseye: resolved (fixed in 1:1.2.7.1.dfsg-2)
sid: resolved (fixed in 1:1.2.7.1.dfsg-2)

CVE-2005-2081 | LOW | CVSS 5.0 | fixed in asterisk 1:1.0.9.dfsg-1 (bullseye) | 2005
CVE-2005-2081 [MEDIUM]: Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character.
Scope: local
bullseye: resolved (fixed in 1:1.0.9.dfsg-1)
sid: resolved (fixed in 1:1.0.9.dfsg-1)

CVE-2003-0779 | HIGH | CVSS 7.5 | fixed in asterisk 0.7.0 (bullseye) | 2003
CVE-2003-0779 [HIGH]: SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.
Scope: local
bullseye: resolved (fixed in 0.7.0)
sid: resolved (fixed in 0.7.0)

CVE-2003-0761 | HIGH | CVSS 7.5 | fixed in asterisk 0.5.0 (bullseye) | 2003
CVE-2003-0761 [HIGH]: Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests.
Scope: local
bullseye: resolved (fixed in 0.5.0)
sid: resolved (fixed in 0.5.0)