Asterisk 1.4.x - RTP Codec Payload Handling Multiple Buffer Overflow Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/28308/info Asterisk is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers. Exploiting these issue...

Asterisk RTP Codec负载处理多个溢出漏洞

BUGTRAQ ID: 28308 CVECAN ID: CVE-2008-1289 Asterisk是开放源码的软件PBX，支持各种VoIP协议和设备。 Asterisk在处理带有畸形数据的请求时存在漏洞，如果在INVITE消息的SDP负载中发送了无效的RTP负载类型号的话，就会导致写入无效的内存位置，允许攻击者控制某些部分的内存。 无效的内存写入发生在processline（channels/chansip.c文件5275行）所调用的...

AST-2008-002: Two buffer overflows in RTP Codec Payload Handling

Asterisk Project Security Advisory - AST-2008-002 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Two buffer overflows in RTP Codec Payload | | | Handling |...