Candidate: CVE-2011-2535
PublicDate: 2011-07-06 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2535
 http://downloads.asterisk.org/pub/security/AST-2011-010.html
Description:
 chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before
 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk
 Business Edition C.3 before C.3.7.3, accesses a memory address contained in
 an option control frame, which allows remote attackers to cause a denial of
 service (daemon crash) or possibly have unspecified other impact via a
 crafted frame.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631448
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_asterisk:
 upstream: http://downloads.asterisk.org/pub/security/AST-2011-010-1.4.diff
 upstream: http://downloads.asterisk.org/pub/security/AST-2011-010-1.6.2.diff
 upstream: http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff
upstream_asterisk: released (1.4.41.1, 1.6.2.18.1, 1.8.4.3)
hardy_asterisk: ignored (reached end-of-life)
lucid_asterisk: released (1:1.6.2.5-0ubuntu1.4)
maverick_asterisk: released (1:1.6.2.7-1ubuntu1.2)
natty_asterisk: released (1:1.6.2.9-2ubuntu2.1)
oneiric_asterisk: not-affected (1:1.8.4.4~dfsg-2ubuntu1.1)
precise_asterisk: not-affected
quantal_asterisk: not-affected
devel_asterisk: not-affected