Main Vulnerability Database SB2012061103

SB2012061103 - Buffer overflow in asterisk (Alpine package)

Published: June 11, 2012

Security Bulletin ID SB2012061103

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2012-2416)

The vulnerability allows a remote #AU# to read and manipulate data.

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=ea96df454bf1485d8f06c5a1009bab4a08df56f7
https://git.alpinelinux.org/aports/commit/?id=446471c708335068c96c175704411ea2019e0548