| Summary: | <net-misc/asterisk-{1.6.2.16.2-r2,1.8.2.4}: Exploitable Stack and Heap Array Overflows When Decoding UDPTL Packets (CVE-2011-1147) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | chainsaw, voip+disabled |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://downloads.asterisk.org/pub/security/AST-2011-002.html | ||
| Whiteboard: | B1 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 352059 | ||
| Bug Blocks: | |||
|
Description
Tim Sammut (RETIRED)
2011-02-22 04:48:32 UTC
1.6.2.16.2 & 1.8.2.4 are both in the portage tree, the former stable and the latter masked. Security, please proceed with GLSA vote. (In reply to comment #1) > 1.6.2.16.2 & 1.8.2.4 are both in the portage tree, the former stable and the > latter masked. Security, please proceed with GLSA vote. > Thanks, Tony. No vote required. GLSA request filed (with 352059). CVE-2011-1147 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1147): Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet. This issue was resolved and addressed in GLSA 201110-21 at http://security.gentoo.org/glsa/glsa-201110-21.xml by GLSA coordinator Tim Sammut (underling). |