oss-sec mailing list archives

Re: CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001)

From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Wed, 19 Jan 2011 07:21:36 -0500 (EST)


On Wed, 19 Jan 2011, Jan Lieskovsky wrote:

Asterisk upstream yesterday released AST-2011-001, also with patches forsupported versions.

 References:
 [1] http://downloads.asterisk.org/pub/security/AST-2011-001.html
 [2] http://seclists.org/fulldisclosure/2011/Jan/297
 [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610487
 [4] https://bugzilla.redhat.com/show_bug.cgi?id=670777


Use CVE-2011-0495

- Steve

Current thread:

CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001) Jan Lieskovsky (Jan 19)
- Re: CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001) Steven M. Christey (Jan 19)
  - Re: CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001) Matthew Nicholson (Jan 19)