Asterisk SRTP Video Stream Negotiation Remote Crash (AST-2012-001)

According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote attacker to crash the server. The vulnerability can be triggered by attempting to negotiate a secure video stream when it has not bee...

Gentoo Security Advisory GLSA 201202-06 (asterisk)

The remote host is missing updates announced in advisory GLSA 201202-06. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVE-2012-0885

chansip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the ressrtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted SDP message with a crypto attribu...

CVE-2012-0885

CVE-2012-0885 affects Asterisk Open Source: 1.8.x before 1.8.8.2 and 10.x before 10.0.1. When the res_srtp module is loaded and media support is misconfigured, a crafted SDP message with a crypto attribute can cause a NULL pointer dereference and daemon crash (DoS) via either a video or text medi...

CVE-2012-0885

chansip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the ressrtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted SDP message with a crypto attribu...