|
|
CVE Reference: CVE-2006-2898 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-2898 |
|
|
Description: The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/27045 SUSE http://www.novell.com/linux/security/advisories/2006_38_security.html ST 1016236 SAID Secunia Advisory: SA20497 Secunia Advisory: SA20658 Secunia Advisory: SA20899 Secunia Advisory: SA21222 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200606-15.xml DEBIAN http://www.debian.org/security/2006/dsa-1126 CONFIRM http://www.asterisk.org/node/95 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/436127/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/436671/100/0/threaded BID 18295 |
|
| Return to the previous page. |
