| Field | Value |
| --- | --- |
| Check Point Reference | CPAI-2008-210 |
| Date Published | 27 Apr 2008 |
| Severity | Critical |
| Last Updated | Tuesday 01 January, 2008 |
| Source | Asterisk.org/node/48466; FRSIRT:ADV-2008-0928; SECTRACK:1019628 |
| Industry Reference | CVE-2008-1289 |
| Protection Provided by | |
| Who is Vulnerable? | Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3; Asterisk Open Source 1.6.x before 1.6.0-beta6; Asterisk Business Edition C.x.x before C.1.6.1; AsteriskNOW 1.0.x before 1.0.2; Asterisk Appliance Developer Kit before 1.4 revision 109386; s800i 1.1.x before 1.1.0.2 |
| Vulnerability Description | Two buffer overflow vulnerabilities have been reported in the RTP payload handling code of Asterisk that could allow remote attackers to execute arbitrary code. |
| Vulnerability Status | Two fixes have been added that check the supplied data to ensure it does not exceed the static buffer sizes. |
| Vulnerability Details | The first vulnerability could allow remote attackers to trigger a buffer overflow that writes a zero to an arbitrary memory location via a large RTP payload number; it is related to the ast_rtp_unset_m_type function in main/rtp.c. The second vulnerability could allow remote attackers to execute arbitrary code by writing certain integers to an arbitrary memory location via a large number of RTP payloads; it is related to the process_sdp function in channels/chan_sip.c. |
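The bug class behind the first issue is an attacker-controlled RTP payload number used as an array subscript into a fixed-size payload-type table. The example below is added here and is not Asterisk's code: it models such a table with a constructed limit of 128 entries (RTP payload types are a 7-bit field), shows the unchecked write for contrast, and then the range check that the advisory's fix describes, applied to constructed SDP `rtpmap` lines before any table slot is touched. All struct and function names (`session`, `unset_pt_checked`, `parse_rtpmap_pt`, `apply_rtpmap_lines`) are hypothetical.

```c
/* Added example (not Asterisk's own code): a fixed-size RTP payload-type
 * table indexed by the payload number taken from SDP, with the bounds check
 * that the advisory's fix describes. All names and the sample SDP lines are
 * constructed for illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PT 128  /* RTP payload type is a 7-bit field (0..127); constructed limit */

struct pt_entry {
    int is_ast_format;
    int code;
};

struct session {
    struct pt_entry pt_table[MAX_PT];
    int canary;  /* lives right after the table: an unchecked index would clobber it */
};

/* Bug class from the advisory: pt comes straight from the peer's SDP and is
 * used as an array subscript with no range check, so a payload number beyond
 * MAX_PT (or negative) writes zeros outside pt_table. Kept for contrast only;
 * it is never called with unvalidated input in this example. */
void unset_pt_unchecked(struct session *s, int pt)
{
    s->pt_table[pt].is_ast_format = 0;
    s->pt_table[pt].code = 0;
}

/* Fixed form: refuse any index that does not fit the static table. */
int unset_pt_checked(struct session *s, int pt)
{
    if (pt < 0 || pt >= MAX_PT)
        return -1;
    s->pt_table[pt].is_ast_format = 0;
    s->pt_table[pt].code = 0;
    return 0;
}

/* Parse the payload number from an SDP attribute like "rtpmap:99 H264/90000".
 * Returns the number, or -1 if it is malformed or outside 0..MAX_PT-1. */
int parse_rtpmap_pt(const char *attr)
{
    const char *p = attr;
    char *end;
    long pt;

    if (strncmp(p, "rtpmap:", 7) != 0)
        return -1;
    p += 7;
    pt = strtol(p, &end, 10);
    if (end == p || *end != ' ')
        return -1;           /* no digits, or garbage after the number */
    if (pt < 0 || pt >= MAX_PT)
        return -1;           /* would index past the static table */
    return (int)pt;
}

/* Walk SDP attribute lines, clearing table slots for valid payload numbers.
 * Returns how many lines were rejected, or -1 if the canary after the table
 * was overwritten (it never is on the checked path). */
int apply_rtpmap_lines(struct session *s, const char *const *lines, int n)
{
    int rejected = 0;

    for (int i = 0; i < n; i++) {
        int pt = parse_rtpmap_pt(lines[i]);
        if (pt < 0 || unset_pt_checked(s, pt) != 0)
            rejected++;
    }
    return s->canary == 0x5A5A5A5A ? rejected : -1;
}

/* Sample run over constructed input: three lines carry out-of-range or
 * malformed payload numbers and are dropped before any table write. */
int demo_rejected_count(void)
{
    static const char *const lines[] = {
        "rtpmap:0 PCMU/8000",
        "rtpmap:8 PCMA/8000",
        "rtpmap:99 H264/90000",
        "rtpmap:4000 bogus/8000",   /* far beyond the 128-entry table */
        "rtpmap:-5 bogus/8000",     /* negative index */
        "rtpmap:abc bogus/8000",    /* not a number at all */
    };
    struct session s;

    memset(&s, 0, sizeof s);
    s.canary = 0x5A5A5A5A;
    return apply_rtpmap_lines(&s, lines, 6);
}

int main(void)
{
    printf("rejected lines: %d\n", demo_rejected_count());
    return 0;
}
```

The check belongs at the parse boundary as well as at the table write: rejecting the line in `parse_rtpmap_pt` keeps a bad payload number from reaching any later consumer, and the second check in `unset_pt_checked` protects callers that obtain the index some other way. The canary field is only there to make the difference between the two paths observable in a test.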