oss-sec mailing list archives

CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001)

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 19 Jan 2011 12:12:25 +0100

Hi Josh, Steve, vendors,

  Asterisk upstream yesterday released AST-2011-001, also with patches for supported versions.
  References:
  [1] http://downloads.asterisk.org/pub/security/AST-2011-001.html
  [2] http://seclists.org/fulldisclosure/2011/Jan/297
  [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610487
  [4] https://bugzilla.redhat.com/show_bug.cgi?id=670777

Could you allocate CVE id for this?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001) Jan Lieskovsky (Jan 19)
- Re: CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001) Steven M. Christey (Jan 19)
  - Re: CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001) Matthew Nicholson (Jan 19)