oss-security January 2011 archive

[oss-security] CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001)

From: Jan Lieskovsky <jlieskov_at_nospam>
Date: Wed Jan 19 2011 - 11:12:25 GMT
To: "Steven M. Christey" <coley@linus.mitre.org>, Matthew Nicholson <mnicholson@digium.com>

Hi Josh, Steve, vendors,

   Asterisk upstream yesterday released AST-2011-001, also with patches for supported versions.
   [1] http://downloads.asterisk.org/pub/security/AST-2011-001.html
   [2] http://seclists.org/fulldisclosure/2011/Jan/297
   [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610487
   [4] https://bugzilla.redhat.com/show_bug.cgi?id=670777

Could you allocate a CVE id for this?

Thanks && Regards, Jan.
-- Jan iankko Lieskovsky / Red Hat Security Response Team