SecurityTracker.com
Category:  Application (VoIP)  >  Asterisk
Vendors:  Linux Support Services, Inc.
Asterisk IAX2 Channel Driver Lets Remote Users Deny Service
SecurityTracker Alert ID:  1016236
SecurityTracker URL:  http://securitytracker.com/id?1016236
CVE Reference:  CVE-2006-2898
Updated:  Jun 12 2006
Original Entry Date:  Jun 7 2006
Impact:  Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 1.2 prior to 1.2.9, 1.0 prior to 1.0.11
Description:  A vulnerability was reported in Asterisk. A remote user can cause denial of service conditions.

A remote authenticated user can send specially crafted data to cause the target Asterisk server to crash or suffer from denial of service conditions.

Impact:  A remote user can cause denial of service conditions on the target system.
Solution:  The vendor has issued fixed versions (1.0.11, 1.2.9), available at:

http://www.asterisk.org/download
http://ftp.digium.com/pub/telephony/asterisk/releases

Vendor URL:  www.asterisk.org/
Cause:  Exception handling error
Underlying OS:  Linux (Any), UNIX (Any)
Reported By:  "Matt Riddell (IT)" <matt.riddell@sineapps.com>
Message History:   None.
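
To triage an inventory against the affected ranges in the Version(s) field above, the following added example (not part of the advisory or of the Asterisk project's code) classifies version strings per branch. It assumes strings in the form "Asterisk 1.2.7.1" as printed by `asterisk -V`; the host names and sample strings are constructed.

```python
import re

# Fixed release per affected branch, from the advisory's "Version(s)" and
# "Solution" fields: 1.0 prior to 1.0.11, 1.2 prior to 1.2.9.
FIXED_BY_BRANCH = {(1, 0): (1, 0, 11), (1, 2): (1, 2, 9)}

# Assumption: input looks like "Asterisk 1.2.7.1" or a bare "1.2.7.1",
# optionally followed by a suffix such as "-rc1".
VERSION_RE = re.compile(r"\s*(?:Asterisk\s+)?(\d+(?:\.\d+)+)(\S*)")


def classify(version_text):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unknown'."""
    m = VERSION_RE.match(version_text)
    if not m:
        return "unknown"  # e.g. SVN checkouts: needs manual review
    # Compare numerically: as strings, "1.0.9" would sort after "1.0.11".
    version = tuple(int(part) for part in m.group(1).split("."))
    fixed = FIXED_BY_BRANCH.get(version[:2])
    if fixed is None:
        return "not-listed"  # branch is not covered by this advisory
    if version < fixed:
        return "vulnerable"
    # A suffix on a fixed-or-later number (e.g. "-rc1") may predate the fix.
    return "unknown" if m.group(2) else "fixed"


def triage(inventory):
    """Map each host to the classification of its reported version."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed sample inventory (host name -> reported version string).
SAMPLE_INVENTORY = {
    "pbx-a": "Asterisk 1.2.7.1",
    "pbx-b": "Asterisk 1.2.9",
    "pbx-c": "Asterisk 1.0.9",
    "pbx-d": "Asterisk 1.0.11",
    "pbx-e": "Asterisk SVN-branch-1.2-r30000",
    "pbx-f": "Asterisk 1.2.10",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" or "not-listed" need manual review; the advisory makes no statement about them.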


 Source Message Contents

Date:  Tue, 06 Jun 2006 10:51:32 +0200
From:  "Matt Riddell (IT)" <matt.riddell@sineapps.com>
Subject:  Asterisk 1.2.9 and Asterisk 1.0.11 Released - Security Fix

 
The Asterisk Development Team today released Asterisk 1.2.9 and Asterisk
1.0.11 to address a security vulnerability in the IAX2 channel driver
(chan_iax2). The vulnerability affects all users with IAX2 clients that
might be compromised or used by a malicious user, and can lead to denial
of service attacks and random Asterisk server crashes via a relatively
trivial exploit.

All users are urged to upgrade as soon as they can practically do so, or
ensure that they don't expose IAX2 services to the public if it is not
necessary.

The release files are available in the usual place (ftp.digium.com), as
both tarballs and patch files relative to the last release. In addition,
both the tarballs and the patch files have been signed using GPG keys of
the release maintainers, so that you can ensure their authenticity.

Thank you for your support of Asterisk!

-- 
Cheers,

Matt Riddell
_______________________________________________

http://www.sineapps.com/news.php (Daily Asterisk News - html)
http://freevoip.gedameurope.com (Free Asterisk Voip Community)
http://www.sineapps.com/rssfeed.php (Daily Asterisk News - rss)

 



Copyright 2006, SecurityGlobal.net LLC