This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 514953 - (CVE-2009-2651) CVE-2009-2651 asterisk: remote DoS on receipt of malformed RTP text frames
CVE-2009-2651 asterisk: remote DoS on receipt of malformed RTP text frames
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
http://web.nvd.nist.gov/view/vuln/det...
impact=important,source=cve,reported=...
: Security
Depends On: 514954
Blocks:
  Show dependency treegraph
 
Reported: 2009-07-31 12:17 EDT by Vincent Danen
Modified: 2009-10-27 14:20 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-10-27 14:20:45 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2009-07-31 12:17:27 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-2651 to
the following vulnerability:

Name: CVE-2009-2651
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2651
Assigned: 20090730
Reference: MISC: http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt
Reference: CONFIRM: http://downloads.asterisk.org/pub/security/AST-2009-004.html
Reference: BID:35837
Reference: URL: http://www.securityfocus.com/bid/35837
Reference: OSVDB:56571
Reference: URL: http://osvdb.org/56571
Reference: SECTRACK:1022608
Reference: URL: http://www.securitytracker.com/id?1022608
Reference: SECUNIA:36039
Reference: URL: http://secunia.com/advisories/36039
Reference: VUPEN:ADV-2009-2067
Reference: URL: http://www.vupen.com/english/advisories/2009/2067
Reference: XF:asterisk-rtp-dos(52046)
Reference: URL: http://xforce.iss.net/xforce/xfdb/52046

main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote
attackers to cause a denial of service (crash) via an RTP text frame
without a certain delimiter, which triggers a NULL pointer dereference
and the subsequent calculation of an invalid pointer.


Note: the upstream advisory indicates that only 1.6.1.x is affected, so this only affects Fedora 11 and rawhide (Fedora 10 has 1.6.0.5).  Upstream patch to correct the issue:

http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt

Also note that 1.6.1.2 release corrects this issue as well.
Comment 1 Vincent Danen 2009-07-31 12:17:42 EDT
Created asterisk tracking bugs for this issue

CVE-2009-2651 Affects: Fdevel [bug #514954]
Comment 2 Fedora Update System 2009-09-25 16:09:37 EDT
asterisk-1.6.1.6-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.