Asterisk-Addons ooh323 Driver Memory Free Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1020202 |
|
SecurityTracker URL: http://securitytracker.com/id/1020202
|
|
CVE Reference:
CVE-2008-2543
(Links to External Site)
|
Date: Jun 4 2008
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 1.2.x prior to 1.2.9, 1.4.x prior to 1.4.7
|
Description:
A vulnerability was reported in Asterisk-Addons. A remote user can cause denial of service conditions.
A remote user can send specially crafted data via TCP to the ooh323 channel driver to cause arbitrary memory to be freed and the target service to crash.
Tzafrir Cohen reported this vulnerability.
|
Impact:
A remote user can cause denial of service conditions.
|
Solution:
The vendor has issued fixed versions (1.2.9, 1.4.7).
The vendor's advisory is available at:
http://downloads.digium.com/pub/security/AST-2008-009.html
|
Vendor URL: downloads.digium.com/pub/security/AST-2008-009.html (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 4 Jun 2008 19:30:17 -0400
Subject: Asterisk
|
http://downloads.digium.com/pub/security/AST-2008-009.html
CVE-2008-2543
|
|
