|
|
CVE Reference: CVE-2008-1289 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-1289 |
|
|
Description: Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/41305 http://xforce.iss.net/xforce/xfdb/41302 ST 1019628 SREASON http://securityreason.com/securityalert/3763 SAID Secunia Advisory: SA29426 Secunia Advisory: SA29470 MISC http://labs.musecurity.com/advisories/MU-200803-01.txt FEDORA CONFIRM http://www.asterisk.org/node/48466 http://downloads.digium.com/pub/security/AST-2008-002.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/489817/100/0/threaded BID 28308 |
|
| Return to the previous page. |
