Computer Security
[EN] no-pyccku

Asterisk voice server DoS
updated since 05.06.2008
SecurityVulns ID:9050
Threat Level:
Description:SIP protocol parsing NULL pointer dereference in pedantic mode. Uninitialized memory reference on in ooh323 channel driver.
Affected:ASTERISK : Asterisk 1.2
 ASTERISK : Asterisk s800i
 ASTERISK : AsteriskNOW 1.0
CVE:CVE-2008-2543 (The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets.)
Original documentdocumentASTERISK, AST-2008-009: (Corrected subject) Remote crash vulnerability in ooh323 channel driver (07.06.2008)
 documentASTERISK, AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode (05.06.2008)

NASA BigView buffer overflow
SecurityVulns ID:9062
Threat Level:
Description:PNM images parsing buffer overflow.
Affected:NASA : BigView 1.8
CVE:CVE-2008-2542 (Stack-based buffer overflow in the getline function in Ppm/ppm.C in NASA Ames Research Center BigView 1.8 allows user-assisted remote attackers to execute arbitrary code via a crafted PNM file.)
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0425 - NASA BigView Stack Buffer Overflow (07.06.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod