Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 169681 - net-misc/asterisk SIP DoS
Summary: net-misc/asterisk SIP DoS
Status: RESOLVED DUPLICATE of bug 169616
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-03-06 22:18 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2007-03-06 22:58 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-03-06 22:18:45 UTC 
Information seems a bit sparse, but SineApps reports:

Asterisk 1.4.1 has been released as well as Asterisk 1.2.16 and Zaptel 1.2.15. These include bugfixes as well as a solution to the recently discovered security hole. This security hole is a major one and as such, machines should be updated as soon as possible. I will post further information about it in around a week, but you should all upgrade your servers before then.

  Update: TrixBox, packaged Asterisk and OpenPBX are affected too:
 
  Update: Vulnerability is a remote DOS (segfaults Asterisk):
 
  Update: Vulnerability is in the SIP stack. If you have port 5060 blocked and are not using SIP then you should be fine. In any other situation, you should upgrade:
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-03-06 22:58:10 UTC 

*** This bug has been marked as a duplicate of bug 169616 ***