Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:26461
HistoryJun 03, 2011 - 12:00 a.m.

AST-2011-007

2011-06-0300:00:00
vulners.com
9
JSON
           Asterisk Project Security Advisory - AST-2011-007

±-----------------------------------------------------------------------+
| Product | Asterisk |
|---------------------±-------------------------------------------------|
| Summary | Remote Crash Vulnerability in SIP channel driver |
|---------------------±-------------------------------------------------|
| Nature of Advisory | Remote attacker can crash an Asterisk server |
|---------------------±-------------------------------------------------|
| Susceptibility | Remote Authenticated Sessions |
|---------------------±-------------------------------------------------|
| Severity | Moderate |
|---------------------±-------------------------------------------------|
| Exploits Known | No |
|---------------------±-------------------------------------------------|
| Reported On | May 23, 2011 |
|---------------------±-------------------------------------------------|
| Reported By | Jonathan Rose [email protected] |
|---------------------±-------------------------------------------------|
| Posted On | June 02, 2011 |
|---------------------±-------------------------------------------------|
| Last Updated On | June 02, 2011 |
|---------------------±-------------------------------------------------|
| Advisory Contact | Jonathan Rose [email protected] |
|---------------------±-------------------------------------------------|
| CVE Name | CVE-2011-2216 |
±-----------------------------------------------------------------------+

±-----------------------------------------------------------------------+
| Description | If a remote user initiates a SIP call and the recipient |
| | picks up, the remote user can reply with a malformed |
| | Contact header that Asterisk will improperly handle and |
| | cause a crash due to a segmentation fault. |
±-----------------------------------------------------------------------+

±-----------------------------------------------------------------------+
| Resolution | Asterisk now immediately initializes buffer strings |
| | coming into the parse_uri_full function to prevent |
| | outside functions from receiving a NULL value pointer. |
| | This should increase the safety of any function that uses |
| | parse_uri or its wrapper functions which previously would |
| | attempt to work in the presence of a parse_uri failure by |
| | reading off of potentially uninitialized strings. |
±-----------------------------------------------------------------------+

±-----------------------------------------------------------------------+

Affected Versions
Product
-------------------------------±---------------±----------------------
Asterisk Open Source
±-----------------------------------------------------------------------+

±-----------------------------------------------------------------------+

Corrected In
Product
------------------------------------------±----------------------------
Asterisk Open Source
±-----------------------------------------------------------------------+

±-----------------------------------------------------------------------+

Patches
URL
-----------------------------------------------------------------±-----
Http://downloads.asterisk.org/pub/security/AST-2011-007-1.8.diff
±-----------------------------------------------------------------------+

±-----------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/security/AST-2011-007.pdf and |
| http://downloads.digium.com/pub/security/AST-2011-007.html |
±-----------------------------------------------------------------------+

±-----------------------------------------------------------------------+

Revision History
Date
-------------------±------------------------±-------------------------
06/02/11
±-----------------------------------------------------------------------+ 
           Asterisk Project Security Advisory - AST-2011-007
          Copyright (c) 2011 Digium, Inc. All Rights Reserved.

Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.

Related

nessus 4
openvas 6
freebsd 1
securityvulns 1
cve 1
fedora 2
debiancve 1
prion 1
ubuntucve 1
nessus
nessus
Fedora 15 : asterisk-1.8.4.2-1.fc15.1 (2011-8319)
2011-06-27 00:00:00
Asterisk SIP Channel Driver Denial of Service (AST-2011-007)
2011-06-05 00:00:00
Fedora 15 : asterisk-1.8.4.4-2.fc15 (2011-8983)
2011-07-13 00:00:00
openvas
openvas
Fedora Update for asterisk FEDORA-2011-8319
2011-07-12 00:00:00
Fedora Update for asterisk FEDORA-2011-8983
2011-07-18 00:00:00
FreeBSD Ports: asterisk18
2011-08-03 00:00:00
freebsd
freebsd
asterisk -- Remote crash vulnerability
2011-06-02 00:00:00
securityvulns
securityvulns
Asterisk DoS
2011-06-03 00:00:00
cve
cve
CVE-2011-2216
2011-06-06 19:55:00
fedora
fedora
[SECURITY] Fedora 15 Update: asterisk-1.8.4.2-1.fc15.1
2011-06-25 20:02:01
[SECURITY] Fedora 15 Update: asterisk-1.8.4.4-2.fc15
2011-07-12 22:05:49
debiancve
debiancve
CVE-2011-2216
2011-06-06 19:55:00
prion
prion
Null pointer dereference
2011-06-06 19:55:00
ubuntucve
ubuntucve
CVE-2011-2216
2011-06-06 00:00:00
JSON
Related for SECURITYVULNS:DOC:26461
nessus4openvas6freebsd1securityvulns1cve1fedora2debiancve1prion1ubuntucve1