Candidate: CVE-2011-2529
PublicDate: 2011-07-06 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2529
 http://downloads.asterisk.org/pub/security/AST-2011-008.html
Description:
 chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before
 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0'
 characters in SIP packets, which allows remote attackers to cause a denial
 of service (memory corruption) or possibly have unspecified other impact
 via a crafted packet.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631446
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_asterisk:
 upstream: http://downloads.asterisk.org/pub/security/AST-2011-008.diff
upstream_asterisk: released (1.6.2.18.1, 1.8.4.3)
hardy_asterisk: ignored (reached end-of-life)
lucid_asterisk: released (1:1.6.2.5-0ubuntu1.4)
maverick_asterisk: released (1:1.6.2.7-1ubuntu1.2)
natty_asterisk: released (1:1.6.2.9-2ubuntu2.1)
oneiric_asterisk: not-affected (1:1.8.4.4~dfsg-2ubuntu1.1)
precise_asterisk: not-affected
quantal_asterisk: not-affected
devel_asterisk: not-affected