diff options
| author | jnemeth <jnemeth@pkgsrc.org> | 2011-01-21 05:13:12 +0000 |
|---|---|---|
| committer | jnemeth <jnemeth@pkgsrc.org> | 2011-01-21 05:13:12 +0000 |
| commit | 1eefa3647db65545cba2db0a8ca8ad9931f631f0 (patch) | |
| tree | 6c7f663aaf3ff84b476b3a607da207be13b0e2f9 /www/p5-Continuity | |
| parent | 5f7364347a19269fa1a16931b53752845543ef63 (diff) | |
| download | pkgsrc-1eefa3647db65545cba2db0a8ca8ad9931f631f0.tar.gz | |
Update to 1.6.2.16.1
This is to fix AST-2011-001: Stack buffer overflow in SIP channel driver
Asterisk Project Security Advisory - AST-2011-001
Product Asterisk
Summary Stack buffer overflow in SIP channel driver
Nature of Advisory Exploitable Stack Buffer Overflow
Susceptibility Remote Authenticated Sessions
Severity Moderate
Exploits Known No
Reported On January 11, 2011
Reported By Matthew Nicholson
Posted On January 18, 2011
Last Updated On January 18, 2011
Advisory Contact Matthew Nicholson <mnicholson at digium.com>
CVE Name
Description When forming an outgoing SIP request while in pedantic mode, a
stack buffer can be made to overflow if supplied with
carefully crafted caller ID information. This vulnerability
also affects the URIENCODE dialplan function and in some
versions of asterisk, the AGI dialplan application as well.
The ast_uri_encode function does not properly respect the size
of its output buffer and can write past the end of it when
encoding URIs.
For full details, see:
http://downloads.digium.com/pub/security/AST-2011-001.html
Diffstat (limited to 'www/p5-Continuity')
0 files changed, 0 insertions, 0 deletions