DSA-2276-1 asterisk -- multiple denial of service
ID: oval:org.secpod.oval:def:600587 | Date: (C)2011-07-12 (M)2022-10-10 |
Class: PATCH | Family: unix |
Paul Belanger reported a vulnerability in Asterisk, identified as AST-2011-008, through which an unauthenticated attacker may crash an Asterisk server remotely. A packet containing a null character causes the SIP header parser to alter unrelated memory structures.

Jared Mauch reported a vulnerability in Asterisk, identified as AST-2011-009, through which an unauthenticated attacker may crash an Asterisk server remotely. If a user sends a packet with a Contact header that is missing its left angle bracket, the server will crash. A possible workaround is to disable chan_sip.

The vulnerability identified as AST-2011-010 is an input validation error in the IAX2 channel driver. An unauthenticated attacker may crash an Asterisk server remotely by sending a crafted option control frame.
Platform: |
Debian 5.0 |
Debian 6.0 |