Bug#482997: asterisk: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode (CVE-2008-2119)

Moritz Muehlenhoff jmm at inutil.org
Thu Jun 26 22:04:35 UTC 2008


On Mon, Jun 09, 2008 at 01:12:21PM +0200, Torgeir S. wrote:
> On Fri, Jun 06, 2008 at 10:01:01AM +0300, Faidon Liambotis wrote:
> > Ketil Vestby wrote:
> >> No problem for me, but I got the weekend filled so I don't think I can
> >> test much of it before Monday
> > OK, I'll try to test it myself, but a) my weekend is probably filled up  
> > as well :( b) you reported the bug in the first place, so it'd be best  
> > if you could confirm it's gone.
> >
> >>> I can point you to binary packages if you prefer.
> >>
> >> I do :-)
> > http://people.debian.org/~paravoid/asterisk-2etch5/
> >
> > Torgeir, you could test them too if you'd like.
> 
> 2etch5 was tested today. Unfortunately, asterisk died with a segfault (both when
> executed with /etc/init.d/asterisk and /usr/sbin/asterisk -vvvvv)
> 
> It looked like it had something to do with IAX, as it died right after
> saying:
>
> (snip)
>   == Registered channel type 'IAX2' (Inter Asterisk eXchange Driver (Ver 2))
>   == IAX Ready and Listening
> Segmentation fault
>
> When I moved our iax.conf to iax.conf.OLD, asterisk didn't segfault and started normally:
> 
> Asterisk Ready.
> 
> It appears, after some commenting/uncommenting of config directives in
> /etc/asterisk/iax.conf, that asterisk 2etch5 will segfault if >1 peer
> has the same value in the host= directive.

Do we have a regression-free version? Shall we get in touch with upstream?

Cheers,
        Moritz




