PublicDate: 2006-06-07 10:02:00 UTC
Candidate: CVE-2006-2898
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2898
Description:
 The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and
 1.0.x before 1.0.11 allows remote attackers to cause a denial of service
 (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video
 frames, which bypasses a length check and leads to a buffer overflow
 involving negative length check. NOTE: the vendor advisory claims that
 only a DoS is possible, but the original researcher is reliable.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:
Bugs:

dapper_asterisk: released (1.2.7.1.dfsg-2ubuntu3.4)
edgy_asterisk: released (1.2.12.1.dfsg-1ubuntu1.4)
feisty_asterisk: released (1.2.16~dfsg-1ubuntu3.1)
gutsy_asterisk: released (1.4.11~dfsg-1)
hardy_asterisk: released (1.4.11~dfsg-1)
intrepid_asterisk: released (1.4.11~dfsg-1)
jaunty_asterisk: released (1.4.11~dfsg-1)
karmic_asterisk: released (1.4.11~dfsg-1)
devel_asterisk: released (1.4.11~dfsg-1)

dapper_zaptel: ignored (reached end-of-life)
edgy_zaptel: released (1.2.8.dfsg-1)
feisty_zaptel: released (1.2.8.dfsg-1)
gutsy_zaptel: released (1.2.8.dfsg-1)
hardy_zaptel: released (1.2.8.dfsg-1)
intrepid_zaptel: released (1.2.8.dfsg-1)
jaunty_zaptel: released (1.2.8.dfsg-1)
karmic_zaptel: released (1.2.8.dfsg-1)
devel_zaptel: DNE

upstream_asterisk: needs-triage
upstream_zaptel: needs-triage