Asterisk SIP T.38 SDP Parsing Remote Stack Buffer Overflow Vulnerabilities

Asterisk is prone to multiple remote stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.

Successful exploits may allow an attacker to execute arbitrary machine code to compromise an affected computer or to cause denial-of-service conditions.

Versions prior to Asterisk Open Source 1.4.3, AsteriskNOW Beta 6, and Asterisk Appliance Developer Kit 0.4.0 are vulnerable.

NOTE: These issues occur only when 't38 fax over SIP' is enabled in 'sip.conf'.
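
Since exposure depends on the 'sip.conf' setting noted above, the following added example (not part of the original advisory) audits a 'sip.conf' for sections that enable T.38. It assumes the controlling option is `t38pt_udptl`, the name used in Asterisk 1.4 configuration; the advisory itself does not name the option, and the sample file is constructed.

```python
import re

# Values Asterisk accepts as "true" for boolean options.
TRUTHY = {"yes", "true", "y", "t", "1", "on"}
# Assumption: option that enables T.38 fax over SIP (not named in the advisory).
T38_OPTION = "t38pt_udptl"

SECTION_RE = re.compile(r"^\[([^\]]+)\]")
OPTION_RE = re.compile(r"^([^=]+?)\s*=>?\s*(.*)$")

# Constructed sample sip.conf for illustration only.
SAMPLE = """\
[general]
context = default
;t38pt_udptl = yes      ; commented out, so not active
t38pt_udptl = no

[fax-gateway]
type = peer
T38PT_UDPTL=Yes         ; enabled for this peer only

[phone-101]
type = friend
t38pt_udptl = yes
t38pt_udptl = no        ; assumed: the last assignment wins
"""


def t38_enabled_sections(conf_text):
    """Return the sip.conf sections whose final T.38 setting is enabled."""
    state = {}      # section name -> last value seen for T38_OPTION
    section = None
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).strip()
            continue
        m = OPTION_RE.match(line)
        if m and section and m.group(1).strip().lower() == T38_OPTION:
            state[section] = m.group(2).strip().lower() in TRUTHY
    return [name for name, enabled in state.items() if enabled]


if __name__ == "__main__":
    for name in t38_enabled_sections(SAMPLE):
        print(f"T.38 enabled in [{name}]: upgrade or disable")
```

A hit in `[general]` applies to every peer that does not override it, so treat it as enabling T.38 server-wide.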


 

Copyright 2010, SecurityFocus