Bug 514953 (CVE-2009-2651) - CVE-2009-2651 asterisk: remote DoS on receipt of malformed RTP text frames
Summary: CVE-2009-2651 asterisk: remote DoS on receipt of malformed RTP text frames
Alias: CVE-2009-2651
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://web.nvd.nist.gov/view/vuln/det...
Depends On: 514954
TreeView+ depends on / blocked
Reported: 2009-07-31 16:17 UTC by Vincent Danen
Modified: 2019-09-29 12:31 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-10-27 18:20:45 UTC

Attachments (Terms of Use)

Description Vincent Danen 2009-07-31 16:17:27 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-2651 to
the following vulnerability:

Name: CVE-2009-2651
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2651
Assigned: 20090730
Reference: MISC: http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt
Reference: CONFIRM: http://downloads.asterisk.org/pub/security/AST-2009-004.html
Reference: BID:35837
Reference: URL: http://www.securityfocus.com/bid/35837
Reference: OSVDB:56571
Reference: URL: http://osvdb.org/56571
Reference: SECTRACK:1022608
Reference: URL: http://www.securitytracker.com/id?1022608
Reference: SECUNIA:36039
Reference: URL: http://secunia.com/advisories/36039
Reference: VUPEN:ADV-2009-2067
Reference: URL: http://www.vupen.com/english/advisories/2009/2067
Reference: XF:asterisk-rtp-dos(52046)
Reference: URL: http://xforce.iss.net/xforce/xfdb/52046

main/rtp.c in Asterisk Open Source 1.6.1 before allows remote
attackers to cause a denial of service (crash) via an RTP text frame
without a certain delimiter, which triggers a NULL pointer dereference
and the subsequent calculation of an invalid pointer.

Note: the upstream advisory indicates that only 1.6.1.x is affected, so this only affects Fedora 11 and rawhide (Fedora 10 has  Upstream patch to correct the issue:


Also note that release corrects this issue as well.

Comment 1 Vincent Danen 2009-07-31 16:17:42 UTC
Created asterisk tracking bugs for this issue

CVE-2009-2651 Affects: Fdevel [bug #514954]

Comment 2 Fedora Update System 2009-09-25 20:09:37 UTC
asterisk- has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.