asterisk: two denial of service flaws

Package(s): asterisk
CVE #(s): CVE-2012-3863 CVE-2012-3812
Created: July 20, 2012
Updated: September 18, 2012
Description:

From the Fedora advisory:

CVE-2012-3863: If Asterisk sends a re-invite and an endpoint responds to the re-invite with a provisional response but never sends a final response, then the SIP dialog structure is never freed and the RTP ports for the call are never released. If an attacker has the ability to place a call, they could create a denial of service by using all available RTP ports.

CVE-2012-3812: If a single voicemail account is manipulated by two parties simultaneously, a condition can occur where memory is freed twice causing a crash.

Alerts:
Fedora FEDORA-2012-10324 2012-07-20
Debian DSA-2550-1 2012-09-18
Debian DSA-2550-2 2012-09-26
Gentoo 201209-15 2012-09-26

Copyright © 2013, Eklektix, Inc.