CVE-2008-1289

Publication date 24 March 2008

Last updated 24 July 2024


Ubuntu priority

Description

Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.


Status

| Package | Ubuntu Release | Status |
|---|---|---|
| asterisk | 8.10 intrepid | Fixed 1:1.4.17~dfsg-2ubuntu1 |
| | 8.04 LTS hardy | Fixed 1:1.4.17~dfsg-2ubuntu1 |
| | 7.10 gutsy | Ignored (end of life, was needed) |
| | 7.04 feisty | Not affected |
| | 6.10 edgy | Not affected |
| | 6.06 LTS dapper | Not affected |

Notes


jdstrand: 1.4 only

