Posts Tagged AST-2009-004
Asterisk Security Advisory – AST-2009-004
Posted by admin in asterisk, Asterisk Security Advisories, Security Advisories on August 3, 2009
Asterisk Project Security Advisory – AST-2009-004
An attacker can cause Asterisk to crash remotely by sending malformed RTP text frames. While the attacker can cause Asterisk to crash, he cannot execute arbitrary remote code with this exploit.
Users should upgrade to a version listed in the “Corrected In” section below.
| Product | Asterisk |
| Summary | Remote Crash Vulnerability in RTP stack |
| Nature of Advisory | Exploitable Crash |
| Susceptibility | Remote unauthenticated sessions |
| Severity | Critical |
| Exploits Known | No |
| Reported On | July 27, 2009 |
| Reported By | Marcus Hunger <hunger AT sipgate DOT de> |
| Posted On | August 2, 2009 |
| Last Updated On | August 2, 2009 |
| Advisory Contact | Mark Michelson <mmichelson AT digium DOT com> |
| CVE Name | |
Asterisk 1.6.0.11-rc2, 1.6.1.2, 1.6.1.3-rc1, and 1.6.2.0-beta4 Release Announcement
Posted by admin in asterisk, Asterisk Security Advisories, Release Candidates, Releases, Security Advisories, t.38 on August 3, 2009
The Asterisk Development Team is pleased to announce the second release candidate of 1.6.0.11, the release of 1.6.1.2, the first release candidate of 1.6.1.3, and the fourth beta of 1.6.2.0. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/.
The release of 1.6.1.2 fixes a remote crash security vulnerability in the RTP stack. The related security advisory AST-2009-004 has been released along with this announcement. Please read that advisory for more information.
The release candidates and betas, in addition to other fixes, contain a major re-work of the T.38 support in Asterisk. If you’ve been having trouble with T.38 in the 1.6 series, you are strongly encouraged to try one of these release candidates to determine if these changes fixed your T.38 issues.
