Red Hat Bugzilla – Bug 783487
CVE-2012-0885 asterisk: Remote DoS while processing crypto line for media stream with non-existing RTP
Last modified: 2012-08-07 03:44:58 EDT
A denial of service flaw was found in the way Asterisk processed certain requests to negotiate a secure video stream when the res_srtp Asterisk module has been loaded and video support has not been enabled. A remote attacker could provide a specially crafted media stream negotiation request which, once processed by Asterisk, would lead to an Asterisk daemon crash by processing the crypto line for such a media stream.
Upstream patch against the v1.8.x branch:
Upstream patch against the v1.10.x branch:
This issue affects the versions of the asterisk package as shipped with Fedora releases 15 and 16. Please schedule an update.
This issue affects the version of the asterisk package as shipped with the Fedora EPEL 6 release. Please schedule an update.
Created asterisk tracking bugs for this issue
Affects: fedora-all [bug 783490]
Affects: epel-6 [bug 783491]
The CVE identifier of CVE-2012-0885 has been assigned to this issue: