Tzafrir Cohen
2011-Jun-23 23:12 UTC
[Secure-testing-team] Bug#631448: asterisk: AST-2011-010 (CVE-2011-2535) - crash due to using remote pointers
Package: asterisk
Version: 1:1.8.4.2-1
Severity: grave
Tags: security upstream patch
Justification: user security hole

A memory address was inadvertently transmitted over the network via IAX2 via an option control frame and the remote party would try to access it.

This applies only to version 1.8 in Wheezy/Sid and not to the versions in Lenny and Squeeze. The advisory does apply to some newer versions of Asterisk 1.4 and 1.6.2, but not to the older versions used in Lenny and Squeeze, respectively.

For more information, see http://downloads.asterisk.org/pub/security/AST-2011-010.html