Candidate: CVE-2011-0495
PublicDate: 2011-01-20 19:00:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0495
 http://downloads.asterisk.org/pub/security/AST-2011-001.html
Description:
 Stack-based buffer overflow in the ast_uri_encode function in main/utils.c
 in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1,
 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when
 running in pedantic mode allows remote authenticated users to execute
 arbitrary code via crafted caller ID data in vectors involving the (1) SIP
 channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan
 function.
Ubuntu-Description: 
Notes: 
Bugs: 
 https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/705014
Priority: medium
Discovered-by:
Assigned-to: Daviey
CVSS: 

Patches_asterisk:
 other: http://downloads.asterisk.org/pub/security/AST-2011-001-1.4.diff
 other: http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff
 debdiff: https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/705014
upstream_asterisk: released (1.6.2.16.1)
Tags_asterisk_hardy: stack-protector
Tags_asterisk_karmic: stack-protector
Tags_asterisk_lucid: stack-protector
Tags_asterisk_maverick: stack-protector
dapper_asterisk: ignored (reached end of life)
hardy_asterisk: ignored (reached end of life)
karmic_asterisk: ignored (reached end-of-life)
lucid_asterisk: released (1:1.6.2.5-0ubuntu1.3)
maverick_asterisk: released (1:1.6.2.7-1ubuntu1.1)
natty_asterisk: released (1:1.6.2.9-2ubuntu2)
devel_asterisk: released (1:1.6.2.9-2ubuntu2)