1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200606-15 / asterisk |
| Release Date | June 14, 2006 |
| Latest Revision | June 14, 2006: 01 |
| Impact | high |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| net-misc/asterisk | < 1.0.11_p1 | >= 1.0.11_p1 | All supported architectures |
Related bugreports: #135680
Asterisk contains a bug in the IAX2 channel driver making it vulnerable to the remote execution of arbitrary code.
Asterisk is an open source implementation of a telephone private branch exchange (PBX).
Asterisk fails to properly check the length of truncated video frames in the IAX2 channel driver which results in a buffer overflow.
An attacker could exploit this vulnerability by sending a specially crafted IAX2 video stream resulting in the execution of arbitrary code with the permissions of the user running Asterisk.
Disable public IAX2 support.
All Asterisk users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.0.11_p1" |