Release Date | Dec 24, 2011 |
Severity | high |
Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
Description | This indicates an attempt to exploit a Remote Code Execution vulnerability in Asterisk. The vulnerability is caused by a stack-based buffer overflow in the process_sdp function in chan_sip.c. It allows remote attackers to execute arbitrary code. |
Affected Products | Asterisk AsteriskNow Beta 5; Asterisk Asterisk 1.4.2; Asterisk Asterisk 1.4.1; Asterisk Asterisk 1.4 Beta; Asterisk Appliance Developers Kit 0.3 |
Recommended Actions | Apply the patch, available from the following web sites: Asterisk Asterisk 1.4 Beta: http://ftp.digium.com/pub/asterisk/releases/asterisk-1.4.3.tar.gz; Asterisk Asterisk 1.4.1: http://ftp.digium.com/pub/asterisk/releases/asterisk-1.4.3.tar.gz; Asterisk Asterisk 1.4.2: http://ftp.digium.com/pub/asterisk/releases/asterisk-1.4.3.tar.gz |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2007-2293 |
Reference/s | http://www.securityfocus.com/bid/23648 (BugTraq); http://www.securityfocus.com/archive/1/archive/1/466883/100/0/threaded |