thr3ads.net - Secure testing team - [Secure-testing-team] Bug#631445: asterisk; AST-2011-009

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Tzafrir Cohen

2011-Jun-23 22:47 UTC

[Secure-testing-team] Bug#631445: asterisk; AST-2011-009 - crash on malformed SIP packet

Package: asterisk
Version: 1:1.8.4.2-1
Severity: grave
Tags: security upstream patch
Justification: user security hole

A remote user sending a SIP packet containing a Contact header with a
missing left angle bracket (<) causes Asterisk to access a null pointer.

This applies only to Asterisk 1.8 in Wheezy/Sid and not to the versions
in Squeeze and in Lenny.

For more information, see 
http://downloads.asterisk.org/pub/security/AST-2011-009.html

Secure testing team - Jun 2011 - Bug#631445: asterisk; AST-2011-009 - crash on malformed SIP packet

[Secure-testing-team] Bug#631445: asterisk; AST-2011-009 - crash on malformed SIP packet