[Secure-testing-team] Bug#631445: asterisk; AST-2011-009 - crash on malformed SIP packet
Tzafrir Cohen
tzafrir at debian.org
Thu Jun 23 22:47:06 UTC 2011
Package: asterisk
Version: 1:1.8.4.2-1
Severity: grave
Tags: security upstream patch
Justification: user security hole
A remote user sending a SIP packet containing a Contact header with a
missing left angle bracket (<) causes Asterisk to access a null pointer.
This applies only to Asterisk 1.8 in Wheezy/Sid and not to the versions
in Squeeze and in Lenny.
For more information, see
http://downloads.asterisk.org/pub/security/AST-2011-009.html
More information about the Secure-testing-team
mailing list