[CVE-2008-2119] Remote Crash Vulnerability in SIP channel driver when run in pedantic mode

Bug #237229 reported by Till Ulen
Affects: asterisk (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: asterisk

CVE-2008-2119 description from the upstream advisory AST-2008-008:

"During pedantic SIP processing the From header value is
passed to the ast_uri_decode function to be decoded. In
two instances it is possible for the code to cause a
crash as the From header value is not checked to be
non-NULL before being passed to the function."

http://www.securityfocus.com/archive/1/493020

Links for future reference:
http://www.asterisk.org/security (advisory not available yet)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2119 (details hidden as of now)
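
The non-NULL check the quoted advisory describes as missing, shown as an added C example that is not part of this bug report and is not Asterisk's code. The header list and every name in it (`struct hdr`, `hexval`, `uri_decode`, `get_header`, `decoded_from`) are hypothetical stand-ins, and the sample messages are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed, simplified model of a parsed SIP message: a list of headers. */
struct hdr { const char *name; const char *value; };

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                                  /* fold A-F to a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* In-place percent-decoder (hypothetical stand-in for a URI decode helper).
 * It dereferences s unconditionally, so a NULL argument crashes the process. */
static void uri_decode(char *s) {
    char *out = s;
    int hi, lo;
    for (; *s; s++) {
        if (*s == '%' && (hi = hexval(s[1])) >= 0 && (lo = hexval(s[2])) >= 0) {
            *out++ = (char)(hi * 16 + lo);      /* valid %XX escape */
            s += 2;
        } else {
            *out++ = *s;                        /* literal or malformed escape */
        }
    }
    *out = '\0';
}

/* Returns the header value, or NULL when the message does not carry it. */
static const char *get_header(const struct hdr *h, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(h[i].name, name) == 0) return h[i].value;
    return NULL;
}

/* Guarded caller: 0 with the decoded value in out, or -1 if From is absent. */
static int decoded_from(const struct hdr *h, size_t n, char *out, size_t outlen) {
    const char *from = get_header(h, n, "From");
    if (from == NULL || outlen == 0) return -1; /* check before decoding */
    snprintf(out, outlen, "%s", from);
    uri_decode(out);
    return 0;
}

int main(void) {
    struct hdr no_from[] = { { "To", "<sip:bob@example.test>" } };
    char buf[64];
    printf("message without From -> %d\n", decoded_from(no_from, 1, buf, sizeof buf));
    return 0;
}
```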

Kees Cook (kees)
Changed in asterisk:
status: New → Confirmed
Jamie Strandboge (jdstrand) wrote :

Marking Fix Released as this should be fixed in all supported releases.

Changed in asterisk (Ubuntu):
status: Confirmed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.