Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1289 to the following vulnerability:

Asterisk Project Security Advisory - AST-2008-002

Two buffer overflows exist in the RTP payload handling code of Asterisk. Both overflows can be caused by an INVITE or any other SIP packet with SDP. The request may need to be authenticated depending on configuration of the Asterisk installation.

The first overflow is caused by sending a payload number that surpasses the programmed maximum payload number of 256. This causes an invalid memory write outside of the buffer. While this does not allow the attacker to write arbitrary data, it does allow the attacker to write a 0 to other memory locations.

The second overflow is caused by sending more than 32 RTP payloads. This causes a buffer on the stack to overflow, allowing the attacker to write values between 0 and 256 (the maximum payload number) to memory locations after the buffer.

References:
http://downloads.digium.com/pub/security/AST-2008-002.html
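The two bounds checks that the description above implies, as an added example: this is not Asterisk's code and not part of the advisory. The function names, the `seen[]` table and the reading of 256 as a table size (valid indexes 0..255) are assumptions; only the limits 256 and 32 come from the advisory text.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Limits quoted in the advisory; treating 256 as the table size
 * (valid indexes 0..255) is an assumption of this example. */
#define MAX_RTP_PT     256
#define MAX_SDP_CODECS 32

/* Hypothetical parser for the payload list of an SDP m= line
 * (e.g. "0 8 101"). Returns the number of payloads stored in out[],
 * or -1 if the whole list must be rejected. */
int parse_payload_list(const char *list, int out[MAX_SDP_CODECS],
                       unsigned char seen[MAX_RTP_PT])
{
    int count = 0;
    const char *p = list;

    memset(seen, 0, MAX_RTP_PT);
    for (;;) {
        char *end;
        long pt;

        while (*p == ' ') p++;
        if (*p == '\0') return count;
        errno = 0;
        pt = strtol(p, &end, 10);
        if (end == p || errno == ERANGE || (*end != ' ' && *end != '\0'))
            return -1;      /* not a clean decimal token */
        if (pt < 0 || pt >= MAX_RTP_PT)
            return -1;      /* check 1: would index outside seen[] */
        if (count >= MAX_SDP_CODECS)
            return -1;      /* check 2: would write past out[] */
        out[count++] = (int)pt;
        seen[pt] = 1;
        p = end;
    }
}

/* Convenience wrapper using stack buffers of the quoted sizes. */
int count_payloads(const char *list)
{
    int out[MAX_SDP_CODECS];
    unsigned char seen[MAX_RTP_PT];
    return parse_payload_list(list, out, seen);
}

/* Constructed sample list, not captured traffic. */
int main(void) { return count_payloads("0 8 101") == 3 ? 0 : 1; }
```

Both checks run before either array is written, so an over-long or out-of-range list is rejected without touching memory outside the buffers.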
asterisk-1.4.18.1-1.fc8 has been submitted as an update for Fedora 8
asterisk-1.4.18.1-1.fc7 has been submitted as an update for Fedora 7
asterisk-1.4.18.1-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
asterisk-1.4.18.1-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:

Fedora:
https://admin.fedoraproject.org/updates/F7/FEDORA-2008-2620
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-2554