Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-2415

Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events.

Related bugs and status

CVE-2012-2415 (Candidate) is related to these bugs:

Bug #996162: Please update Asterisk from Debian Sid

Summary				In	Importance	Status
	996162	Please update Asterisk from Debian Sid		asterisk (Ubuntu)	Undecided	Fix Released
	996162	Please update Asterisk from Debian Sid		asterisk (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://downloads.aster...
DEBIAN: DSA-2460
SECUNIA: 48891
SECUNIA: 48941
FEDORA: FEDORA-2012-6724
BID: 53210
OSVDB: 81455
SECTRACK: 1026962
XF: asterisk-skinny-driver...