pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

pkg/42753: comms/asterisk16 Remote Crash Vulnerability

>Number:         42753
>Category:       pkg
>Synopsis:       comms/asterisk16 Remote Crash Vulnerability
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Feb 06 02:00:00 +0000 2010
>Originator:     David Wetzel
>Release:        NetBSD 5.0.1
does not matter
An attacker attempting to negotiate T.38 over SIP can remotely crash Asterisk 
by modifying the FaxMaxDatagram field of the SDP to contain either a negative 
or exceptionally large value. The same crash occurs when the FaxMaxDatagram 
field is omitted from the SDP as well.

Home | Main Index | Thread Index | Old Index