
asterisk: two denial of service flaws

Package(s): asterisk
CVE #(s): CVE-2012-3863 CVE-2012-3812
Created: July 20, 2012
Updated: September 18, 2012
Description:

From the Fedora advisory:

CVE-2012-3863: If Asterisk sends a re-invite and an endpoint responds to the re-invite with a provisional response but never sends a final response, then the SIP dialog structure is never freed and the RTP ports for the call are never released. If an attacker has the ability to place a call, they could create a denial of service by using all available RTP ports.

CVE-2012-3812: If a single voicemail account is manipulated by two parties simultaneously, a condition can occur where memory is freed twice causing a crash.

Alerts:
Gentoo 201209-15 asterisk 2012-09-26
Debian DSA-2550-2 asterisk 2012-09-26
Debian DSA-2550-1 asterisk 2012-09-18
Fedora FEDORA-2012-10324 asterisk 2012-07-20



Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds