Giuseppe Iuculano
2009-Aug-01 08:57 UTC
[Secure-testing-team] Bug#539473: CVE-2009-2651: Remote Crash Vulnerability in RTP stack
Package: asterisk
Version: 1:1.6.2.0~dfsg~beta3-1
Severity: serious
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for asterisk.

CVE-2009-2651[0]:
| main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote
| attackers to cause a denial of service (crash) via an RTP text frame
| without a certain delimiter, which triggers a NULL pointer dereference
| and the subsequent calculation of an invalid pointer.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2651
    http://security-tracker.debian.net/tracker/CVE-2009-2651
    http://downloads.asterisk.org/pub/security/AST-2009-004.html

Patch: http://downloads.asterisk.org/pub/security/AST-2009-004-1.6.1.diff.txt
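
The failure mode the CVE text describes (a delimiter search that returns NULL, followed by pointer arithmetic on the result), as an added C illustration that is not Asterisk's code and not part of the original message. The delimiter value, function names and sample frames are constructed assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical delimiter byte; the report does not name the real one. */
#define DELIM 0x80

/* Constructed sample payloads: one well-formed, one missing the delimiter. */
static const unsigned char with_delim[] = { 0x01, 0x02, 0x03, DELIM, 'h', 'i' };
static const unsigned char no_delim[]   = { 0x01, 0x02, 0x03, 'h', 'i' };

/* Unsafe pattern: the search result feeds pointer arithmetic unchecked.
 * If no delimiter is present, end is NULL and (end + 1) is an invalid
 * pointer, so the computed length is garbage and later use can crash. */
static ptrdiff_t header_len_unchecked(const unsigned char *buf, size_t len)
{
    const unsigned char *end = memchr(buf, DELIM, len);
    return (end + 1) - buf;
}

/* Hardened form: bounded search, NULL check before any arithmetic.
 * Returns the header length including the delimiter, or -1 when the
 * frame is malformed and should be dropped by the caller. */
static ptrdiff_t header_len_checked(const unsigned char *buf, size_t len)
{
    const unsigned char *end;

    if (buf == NULL || len == 0)
        return -1;
    end = memchr(buf, DELIM, len);
    if (end == NULL)
        return -1;                    /* no delimiter: reject the frame */
    return (end - buf) + 1;
}

int main(void)
{
    /* The unchecked variant is only exercised on well-formed input. */
    printf("unchecked, well-formed: %td\n",
           header_len_unchecked(with_delim, sizeof with_delim));
    printf("checked, well-formed:   %td\n",
           header_len_checked(with_delim, sizeof with_delim));
    printf("checked, no delimiter:  %td\n",
           header_len_checked(no_delim, sizeof no_delim));
    return 0;
}
```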