Asterisk
Project Security Advisory -
|
Product |
Asterisk |
|
Summary |
SRTP Video Remote Crash Vulnerability |
|
Nature of Advisory |
Denial of Service |
|
Susceptibility |
Remote unauthenticated sessions |
|
Severity |
Moderate |
|
Exploits Known |
No |
|
Reported On |
2012-01-15 |
|
Reported By |
Catalin Sanda |
|
Posted On |
2012-01-19 |
|
Last Updated On |
|
|
Advisory Contact |
Joshua Colp < jcolp AT digium DOT com > |
|
CVE Name |
CVE-2012-0885 |
|
Description |
An attacker attempting to negotiate a secure video stream can crash Asterisk if video support has not been enabled and the res_srtp Asterisk module is loaded. |
|
Resolution |
Upgrade to one of the versions of Asterisk listed in the “Corrected In” section, or apply a patch specified in the “Patches” section. |
|
Affected Versions |
||
|
Product |
Release Series |
|
|
Asterisk Open Source |
1.8.x |
All versions |
|
Asterisk Open Source |
10.x |
All versions |
|
Corrected In |
|
|
Product |
Release |
|
Asterisk Open Source |
1.8.8.2 |
|
Asterisk Open Source |
10.0.1 |
|
Patches |
|
|
SVN URL |
Branch |
|
http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff |
v1.8 |
|
http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff |
v10 |
|
Links |
|
Asterisk Project Security Advisories are posted at http://www.asterisk.org/security This document may be superseded by later
versions; if so, the latest version will be posted at
http://downloads.digium.com/pub/security/ |
|
Revision History |
||
|
Date |
Editor |
Revisions Made |
|
12-01-19 |
Joshua Colp |
Initial release |
|
12-01-20 |
Joshua Colp |
Added CVE |
Asterisk
Project Security Advisory -
Copyright
© 2012 Digium, Inc. All Rights Reserved.
Permission is
hereby granted to distribute and publish this advisory in its
original, unaltered form.