FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- Multiple Vulnerabilities

Affected packages
asterisk18 < 1.8.7.2
asterisk16 < 1.6.2.21

Details

VuXML ID bb389137-21fb-11e1-89b4-001ec9578670
Discovery 2011-12-08
Entry 2011-12-09

The Asterisk project reports:

It is possible to enumerate SIP usernames when the general and user/peer NAT settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header.

When the "automon" feature is enabled in features.conf, it is possible to send a sequence of SIP requests that cause Asterisk to dereference a NULL pointer and crash.

References

CVE Name CVE-2011-4597
CVE Name CVE-2011-4598
URL http://downloads.asterisk.org/pub/security/AST-2011-013.html
URL http://downloads.asterisk.org/pub/security/AST-2011-014.html