[Bug 1022360] Re: (CVE-2012-3812) CVE-2012-3812 asterisk: Remote crash vulnerability in voice mail application (CVE-2012-3863) CVE-2012-3863 asterisk: Possible resource leak on uncompleted re-invite transactions
karma
1022360 at bugs.launchpad.net
Sun Jul 8 19:21:04 UTC 2012
AST-2012-010
If Asterisk sends a re-invite and an endpoint responds to the re-invite with a provisional
response but never sends a final response, then the SIP dialog structure is never freed
and the RTP ports for the call are never released. If an attacker has the ability to place a
call, they could create a denial of service by using all available RTP ports.
References:
http://downloads.asterisk.org/pub/security/AST-2012-010.pdf
http://downloads.asterisk.org/pub/security/AST-2012-010.txt
http://downloads.asterisk.org/pub/security/AST-2012-010-10.diff
http://downloads.asterisk.org/pub/security/AST-2012-010-1.8.diff
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to asterisk in Ubuntu.
https://bugs.launchpad.net/bugs/1022360
Title:
(CVE-2012-3812) CVE-2012-3812 asterisk: Remote crash vulnerability in
voice mail application (CVE-2012-3863) CVE-2012-3863 asterisk:
Possible resource leak on uncompleted re-invite transactions
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1022360/+subscriptions
More information about the Ubuntu-server-bugs
mailing list