FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- Exploitable Stack Buffer Overflow

Affected packages
1.4.* < asterisk14 < 1.4.39.1
1.6.* < asterisk16 < 1.6.2.16.1
1.8.* < asterisk18 < 1.8.2.2

Details

VuXML ID: 5ab9fb2a-23a5-11e0-a835-0003ba02bf30
Discovery: 2011-01-18
Entry: 2011-01-19

The Asterisk Development Team reports:

The releases of Asterisk 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.2, 1.8.1.2, and 1.8.2.1 resolve an issue when forming an outgoing SIP request while in pedantic mode, which can cause a stack buffer to be made to overflow if supplied with carefully crafted caller ID information. The issue and resolution are described in the AST-2011-001 security advisory.

References

URL: http://downloads.asterisk.org/pub/security/AST-2011-001.pdf