Bug#458952: asterisk: remote denial of service vulnerability

Nico Golde nion at debian.org
Thu Jan 3 20:43:17 UTC 2008


Package: asterisk
Severity: grave
Tags: security patch

Hi,
the following advisory by the asterisk people was published for asterisk.

AST-2008-001[0]:
| The handling of the BYE with Also transfer method was broken during the
| development of Asterisk 1.4. If a transfer attempt is made using this method
| the system will immediately crash upon handling the BYE message due to trying
| to copy data into a NULL pointer. It is important to note that a dialog must
| have already been established and up in order for this to happen.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

You can find a patch on:
http://svn.digium.com/view/asterisk/branches/1.4/channels/chan_sip.c?view=patch&r1=95191&r2=95946&pathrev=95946

For further information:
[0] http://downloads.digium.com/pub/security/AST-2008-001.html

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
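
A detection-side illustration of the condition the advisory describes, added here and not part of the mail above or of the Asterisk patch: a Python check that flags SIP BYE requests carrying an Also header. The function names, sample names and all sample messages are constructed for this example, and the check does not track whether a dialog is already established.

```python
import re

# Header name, then optional whitespace before the colon (RFC 3261 section 7.3.1).
_HEADER_NAME = re.compile(r"^([A-Za-z0-9\-.!%*_+`'~]+)[ \t]*:")

def is_bye_with_also(raw: bytes) -> bool:
    """True if raw is a SIP BYE request whose header section has an Also header."""
    text = raw.decode("utf-8", "replace").replace("\r\n", "\n")
    head = text.split("\n\n", 1)[0]            # drop the body
    lines = head.split("\n")
    parts = lines[0].split(" ")
    # Request-Line is "METHOD Request-URI SIP-Version"; method names are case-sensitive.
    if len(parts) != 3 or parts[0] != "BYE" or not parts[2].startswith("SIP/"):
        return False
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):
            continue                            # folded continuation, not a new header
        m = _HEADER_NAME.match(line)
        if m and m.group(1).lower() == "also":  # header names are case-insensitive
            return True
    return False

def _msg(start, extra=(), body=""):
    # Constructed SIP message; addresses use documentation ranges and .test names.
    headers = ["Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKconstructed",
               "From: <sip:alice@example.test>;tag=a1",
               "To: <sip:bob@example.test>;tag=b2",
               "Call-ID: constructed@example.test",
               "CSeq: 2 " + start.split(" ")[0],
               *extra, "Content-Length: %d" % len(body)]
    return "\r\n".join([start, *headers, "", body]).encode()

BYE = "BYE sip:bob@example.test SIP/2.0"
SAMPLES = {  # constructed inputs, not captured traffic
    "bye_also": _msg(BYE, ["Also: <sip:carol@example.test>"]),
    "bye_also_odd_case": _msg(BYE, ["ALSO \t: <sip:carol@example.test>"]),
    "bye_plain": _msg(BYE),
    "bye_x_also": _msg(BYE, ["X-Also: 1"]),
    "bye_folded": _msg(BYE, ["Subject: call ended", " Also: folded text"]),
    "bye_body_only": _msg(BYE, body="Also: in body\r\n"),
    "invite_also": _msg("INVITE sip:bob@example.test SIP/2.0",
                        ["Also: <sip:carol@example.test>"]),
}

def flagged(samples=SAMPLES):
    """Names of the samples that are BYE requests with an Also header."""
    return sorted(name for name, raw in samples.items() if is_bye_with_also(raw))

if __name__ == "__main__":
    print(flagged())
```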