Bug 2254630 (CVE-2023-49294) - CVE-2023-49294 asterisk: access to arbitrary files via directory traversal
Summary: CVE-2023-49294 asterisk: access to arbitrary files via directory traversal
Keywords:
Status: NEW
Alias: CVE-2023-49294
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2254631 2254632
Blocks: 2254624
Reported: 2023-12-14 23:16 UTC by Robb Gatica
Modified: 2023-12-15 06:12 UTC (History)

Fixed In Version: asterisk 18.20.1, asterisk 20.5.1, asterisk 21.0.1, certified-asterisk 18.9-cert6
Doc Type: ---
Doc Text:
A flaw was discovered in Asterisk. A remote attacker may be able to read arbitrary files in restricted directories by sending a specially-crafted request to the server.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Robb Gatica 2023-12-14 23:16:44 UTC
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.

https://github.com/asterisk/asterisk/blob/master/main/manager.c#L3757
https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5
https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f

Comment 1 Robb Gatica 2023-12-14 23:17:01 UTC
Created asterisk tracking bugs for this issue:

Affects: epel-all [bug 2254631]
Affects: fedora-all [bug 2254632]

