pkgsrc-Bugs archive
pkg/42753: comms/asterisk16 Remote Crash Vulnerability
>Number: 42753
>Category: pkg
>Synopsis: comms/asterisk16 Remote Crash Vulnerability
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Feb 06 02:00:00 +0000 2010
>Originator: David Wetzel
>Release: NetBSD 5.0.1
>Organization:
>Environment:
does not matter
>Description:
An attacker attempting to negotiate T.38 over SIP can remotely crash Asterisk
by modifying the FaxMaxDatagram field of the SDP to contain either a negative
or exceptionally large value. The same crash occurs when the FaxMaxDatagram
field is omitted from the SDP as well.
>How-To-Repeat:
see http://downloads.asterisk.org/pub/security/AST-2010-001.pdf
>Fix:
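
A defensive check for the three inputs named in the description (negative, exceptionally large, omitted), as an added example that is not part of the original report and is not Asterisk's own fix. It uses the standard SDP attribute spelling `a=T38FaxMaxDatagram`; the function name, bounds and default value are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Assumed policy values for this example, not taken from the advisory. */
#define T38_MIN_DATAGRAM     1
#define T38_MAX_DATAGRAM     1400  /* fits one UDP packet on a typical MTU */
#define T38_DEFAULT_DATAGRAM 400

enum t38_result { T38_OK, T38_MISSING, T38_MALFORMED, T38_OUT_OF_RANGE };

/* Scan an SDP body for a=T38FaxMaxDatagram and validate its value.
 * *out always holds a bounded value the caller can size buffers with. */
enum t38_result t38_max_datagram(const char *sdp, long *out)
{
    static const char key[] = "a=T38FaxMaxDatagram:";
    const char *line = sdp;

    *out = T38_DEFAULT_DATAGRAM;            /* safe fallback on every error */
    while (line && *line) {
        if (strncasecmp(line, key, sizeof(key) - 1) == 0) {
            const char *val = line + sizeof(key) - 1;
            char *end;
            errno = 0;
            long n = strtol(val, &end, 10);
            if (end == val || (*end != '\r' && *end != '\n' && *end != '\0'))
                return T38_MALFORMED;       /* empty or trailing garbage */
            if (errno == ERANGE || n < T38_MIN_DATAGRAM || n > T38_MAX_DATAGRAM)
                return T38_OUT_OF_RANGE;    /* negative or oversized */
            *out = n;
            return T38_OK;
        }
        line = strchr(line, '\n');          /* advance to the next SDP line */
        if (line) line++;
    }
    return T38_MISSING;                     /* attribute omitted entirely */
}

int main(void)
{
    /* Constructed SDP fragments: valid, negative, attribute omitted. */
    const char *sdp[] = { "m=image 4000 udptl t38\r\na=T38FaxMaxDatagram:400\r\n",
                          "m=image 4000 udptl t38\r\na=T38FaxMaxDatagram:-1\r\n",
                          "m=image 4000 udptl t38\r\n" };
    long v;
    for (int i = 0; i < 3; i++)
        printf("result=%d value=%ld\n", (int)t38_max_datagram(sdp[i], &v), v);
    return 0;
}
```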