CVE-2008-1289
CVE-2008-1289
Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/31440unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://downloads.digium.com/pub/security/AST-2008-002.htmlhttp://labs.musecurity.com/advisories/MU-200803-01.txthttp://secunia.com/advisories/29426http://secunia.com/advisories/29470http://securityreason.com/securityalert/3763http://securitytracker.com/id?1019628https://exchange.xforce.ibmcloud.com/vulnerabilities/41302https://exchange.xforce.ibmcloud.com/vulnerabilities/41305https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.htmlhttp://www.asterisk.org/node/48466http://www.securityfocus.com/archive/1/489817/100/0/threaded