CVE-2006-2898

Publication date 7 June 2006

Last updated 17 July 2025

Ubuntu priority

Description

The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
asterisk	9.10 karmic	Fixed 1.4.11~dfsg-1
	9.04 jaunty	Fixed 1.4.11~dfsg-1
	8.10 intrepid	Fixed 1.4.11~dfsg-1
	8.04 LTS hardy	Fixed 1.4.11~dfsg-1
	7.10 gutsy	Fixed 1.4.11~dfsg-1
	7.04 feisty	Fixed 1.2.16~dfsg-1ubuntu3.1
	6.10 edgy	Fixed 1.2.12.1.dfsg-1ubuntu1.4
	6.06 LTS dapper	Fixed 1.2.7.1.dfsg-2ubuntu3.4
zaptel	9.10 karmic	Fixed 1.2.8.dfsg-1
	9.04 jaunty	Fixed 1.2.8.dfsg-1
	8.10 intrepid	Fixed 1.2.8.dfsg-1
	8.04 LTS hardy	Fixed 1.2.8.dfsg-1
	7.10 gutsy	Fixed 1.2.8.dfsg-1
	7.04 feisty	Fixed 1.2.8.dfsg-1
	6.10 edgy	Fixed 1.2.8.dfsg-1
	6.06 LTS dapper	Ignored end of life

References

Other references

https://www.cve.org/CVERecord?id=CVE-2006-2898

CVE-2006-2898

Description

Status

References

Other references

Access our resources on patching vulnerabilities