Release date: 2012-04-23
Updated on: 2012-04-24
Affected Systems:
Asterisk 10.x
Asterisk 1.x
Unaffected Systems:
Asterisk 10.3.1
Asterisk 1.8.11.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53205
Asterisk is free, open-source software that implements private branch exchange (PBX) functionality.
The handle_request_update() function in Asterisk does not check whether p->owner is NULL before using it, which is a security vulnerability in the implementation. Attackers can exploit this vulnerability to trigger a segmentation fault and crash the affected application.
<* Source: Thomas Arimont
Link: https://issues.asterisk.org/jira/browse/ASTERISK-19770
*>
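The missing check described above, as an added example that is not Asterisk's code or the vendor's patch: a simplified model of a handler that dereferences an owner pointer, beside a form that validates it first. The struct, function and enum names are hypothetical; only the `p->owner` relationship comes from the advisory.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for a channel and a SIP dialog. */
struct model_channel {
    char connected_name[32];
};

struct model_dialog {
    struct model_channel *owner;   /* NULL when no channel is attached */
};

enum update_result { UPDATE_APPLIED = 0, UPDATE_REJECTED = -1 };

/* Unchecked form: dereferences p->owner unconditionally, so a dialog
 * whose owner is NULL ends in a segmentation fault. */
int handle_update_unchecked(struct model_dialog *p, const char *name)
{
    strncpy(p->owner->connected_name, name, sizeof(p->owner->connected_name) - 1);
    p->owner->connected_name[sizeof(p->owner->connected_name) - 1] = '\0';
    return UPDATE_APPLIED;
}

/* Checked form: read the pointer once, reject the request if it is NULL,
 * and only then touch the channel. */
int handle_update_checked(struct model_dialog *p, const char *name)
{
    struct model_channel *owner = p ? p->owner : NULL;

    if (owner == NULL || name == NULL) {
        return UPDATE_REJECTED;   /* caller can answer with an error instead of crashing */
    }
    strncpy(owner->connected_name, name, sizeof(owner->connected_name) - 1);
    owner->connected_name[sizeof(owner->connected_name) - 1] = '\0';
    return UPDATE_APPLIED;
}

int main(void)
{
    struct model_channel chan = { "" };
    struct model_dialog attached = { &chan };
    struct model_dialog orphaned = { NULL };   /* constructed sample state */

    int ok = handle_update_checked(&attached, "Alice");
    int rejected = handle_update_checked(&orphaned, "Alice");
    return (ok == UPDATE_APPLIED && rejected == UPDATE_REJECTED) ? 0 : 1;
}
```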
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Asterisk
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://downloads.asterisk.org/pub/security/