Описание
Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.
Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-2119
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42823
- https://www.exploit-db.com/exploits/5749
- http://bugs.digium.com/view.php?id=12607
- http://downloads.digium.com/pub/security/AST-2008-008.html
- http://secunia.com/advisories/30517
- http://secunia.com/advisories/34982
- http://security.gentoo.org/glsa/glsa-200905-01.xml
- http://svn.digium.com/view/asterisk?view=rev&revision=120109
- http://www.securityfocus.com/archive/1/493020/100/0/threaded
- http://www.securitytracker.com/id?1020166
- http://www.vupen.com/english/advisories/2008/1731
Связанные уязвимости
Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.
Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.
Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Editio ...