A NULL pointer dereference flaw was found in the way Asterisk handled INFO requests, when the 'automon' feature was enabled. If no channel had been created yet, a remote attacker could use this flaw to cause a denial of service (asterisk crash) by sending an INFO request. References: [1] http://www.asterisk.org/node/51693 [2] http://downloads.asterisk.org/pub/security/AST-2011-014.pdf [4] https://bugs.gentoo.org/show_bug.cgi?id=394095 Upstream patch (for 1.8 branch): [5] http://svnview.digium.com/svn/asterisk?view=revision&sortby=date&revision=347533
This issue affects the versions of the asterisk package, as shipped with Fedora release of 15 and 16. Please schedule an update. -- This issue affects the version of the asterisk package, as shipped with Fedora EPEL 6. Please schedule an update.
CVE Request: http://www.openwall.com/lists/oss-security/2011/12/09/3
Created asterisk tracking bugs for this issue Affects: fedora-all [bug 765778] Affects: epel-6 [bug 765779]
This was assigned the name CVE-2011-4598.
asterisk-1.8.10.1-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.