AST-2012-008 previously dealt with a denial of service attack exploitable in the Skinny channel driver that occurred when certain messages are sent after a previously registered station sends an Off Hook message. Unresolved in that patch is an issue in the Asterisk 10 releases, wherein, if a Station Key Pad Button Message is processed after an Off Hook message, the channel driver will inappropriately dereference a Null pointer. Similar to AST-2012-008, a remote attacker with a valid SCCP ID can can use this vulnerability by closing a connection to the Asterisk server when a station is in the "Off Hook" call state and crash the server. This only affects version 10, and is fixed in 10.5.1. References: http://downloads.digium.com/pub/security/AST-2012-009.html https://issues.asterisk.org/jira/browse/ASTERISK-19905 http://downloads.asterisk.org/pub/security/AST-2012-009-10.diff
Created asterisk tracking bugs for this issue Affects: fedora-17 [bug 832626]
asterisk-10.5.1-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.