CVE-2008-1289 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-1289
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1289

Description: Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/41305 http://xforce.iss.net/xforce/xfdb/41302 ST 1019628 SREASON http://securityreason.com/securityalert/3763 SAID Secunia Advisory: SA29426 Secunia Advisory: SA29470 MISC http://labs.musecurity.com/advisories/MU-200803-01.txt FEDORA CONFIRM http://www.asterisk.org/node/48466 http://downloads.digium.com/pub/security/AST-2008-002.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/489817/100/0/threaded BID 28308

Return to the previous page.