Nixpkgs security tracker
0.0 NONE
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Changed (C)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Changed (C)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): None (N)
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
5 packages
- asterisk-module-sccp
- asterisk-ldap
- python312Packages.asterisk-mbox
- python313Packages.asterisk-mbox
- python314Packages.asterisk-mbox
- @LeSuisse accepted
- @LeSuisse published on GitHub
ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script will source the contents of /etc/asterisk/ast_debug_tools.conf, which resides in a folder that is writeable by the asterisk user:group. Due to the /etc/asterisk/ast_debug_tools.conf file following bash semantics and it being loaded; an attacker with write permissions may add or modify the file such that when the root ast_coredumper is run; it would source and thereby execute arbitrary bash code found in the /etc/asterisk/ast_debug_tools.conf. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.
References
-
https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3 x_refsource_CONFIRM
Affected products
- ==< 21.12.1
- ==< 22.8.2
- ==< 23.2.2
- ==< 20.18.2
- ==< 20.7-cert9
Matching in nixpkgs
pkgs.asterisk_18
Software implementation of a telephone private branch exchange (PBX)
pkgs.asterisk_20
Software implementation of a telephone private branch exchange (PBX)
pkgs.asterisk_22
Software implementation of a telephone private branch exchange (PBX)
Ignored packages (5)
pkgs.asterisk-ldap
Software implementation of a telephone private branch exchange (PBX)
pkgs.asterisk-module-sccp
Replacement for the SCCP channel driver in Asterisk
pkgs.python312Packages.asterisk-mbox
Client side of a client/server to interact with Asterisk voicemail mailboxes
pkgs.python313Packages.asterisk-mbox
Client side of a client/server to interact with Asterisk voicemail mailboxes
pkgs.python314Packages.asterisk-mbox
Client side of a client/server to interact with Asterisk voicemail mailboxes
Package maintainers
-
@yorickvP Yorick van Pelt <yorickvanpelt@gmail.com>
-
@auntieNeo Jonathan Glines <auntieNeo@gmail.com>
-
@DerTim1 Tim Digel <tim.digel@active-group.de>