Thursday, May 3, 2007

Vulnerabilities in QuickTime and Asterisk

I was doing some reading on my frequently accessed security page, SANS, and found these two vulnerabilities that should be mentioned.

I use these two pieces of software, well, often: QuickTime (for my iTunes) and Asterisk (for my mobile VoIP support).

QuickTime - A vulnerability that can be exploited on Windows and Mac machines that have both Java and Apple QuickTime installed. Exploitation allows code execution, and the issue has been categorized as a HIGH alert by the SANS Institute. Apple has not made a fix but recommends a workaround: yeah, you guessed it, disable Java in your browser.

Asterisk - There are multiple exploits against Asterisk boxes that have the T38 fax function installed on the Asterisk open-source PBX. Exploitation allows code execution, and the issue has been categorized as a HIGH alert by the SANS Institute. Successfully exploiting this vulnerability causes a buffer overflow in the fax module on Asterisk and can allow an attacker to execute code in the same process that Asterisk is running in. Asterisk has confirmed this bug and has provided a fix.
