Release date:
Updated on:
Affected Systems:
Asterisk 1.8.4 2
Asterisk 10.0
Asterisk 1.8.7.2
Asterisk 1.8.7.1
Asterisk 1.8.4.4
Asterisk 1.8.4.3
Asterisk 1.8.4 1
Asterisk 1.8.3.3
Asterisk 1.8.3.1
Asterisk 1.8.2.1
Asterisk 1.8.2 4
Asterisk 1.8.1.2
Asterisk 1.8.1
Asterisk 1.8
Asterisk 1.8
Unaffected system:
Asterisk 10.0.1
Asterisk 1.8.8 2
Description:
--------------------------------------------------------------------------------
Bugtraq id: 51581
Cve id: CVE-2012-0885
Asterisk is a free and open-source software that enables the Telephone User Switch (PBX) function.
Asterisk has a security vulnerability in implementation. If video support is not enabled and the res_srtp Asterisk module is not loaded, attackers can exploit this vulnerability to cause server crash.
<* Source: Catalin Sanda
Link: http://downloads.asterisk.org/pub/security/AST-2012-001.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Asterisk
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://downloads.asterisk.org/pub/security/