PT-2008-2881 · Digium · Asterisk Appliance Developer Kit+4

Published: 2008-03-24 · Updated: 2018-10-11 · CVE-2008-1289

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
Asterisk Open Source versions 1.4.x through 1.4.18.1
Asterisk Open Source versions 1.6.x through 1.6.0-beta6
Asterisk Business Edition C.x.x through C.1.6.1
AsteriskNOW versions 1.0.x through 1.0.2
Asterisk Appliance Developer Kit before 1.4 revision 109386
Asterisk s800i versions 1.1.x through 1.1.0.2

Description
The issue is related to multiple buffer overflows that allow remote attackers to write to arbitrary memory locations. This can be achieved via a large RTP payload number, which is related to the ast_rtp_unset_m_type function in main/rtp.c, or by sending a large number of RTP payloads, which is related to the process_sdp function in channels/chan_sip.c.

Recommendations
For Asterisk Open Source versions 1.4.x through 1.4.18.1, update to version 1.4.18.1 or later.
For Asterisk Open Source versions 1.6.x through 1.6.0-beta6, update to version 1.6.0-beta6 or later.
For Asterisk Business Edition C.x.x through C.1.6.1, update to version C.1.6.1 or later.
For AsteriskNOW versions 1.0.x through 1.0.2, update to version 1.0.2 or later.
For Asterisk Appliance Developer Kit before 1.4 revision 109386, update to 1.4 revision 109386 or later.
For Asterisk s800i versions 1.1.x through 1.1.0.2, update to version 1.1.0.2 or later.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related identifiers

CVE-2008-1289

Affected products

Asterisk Appliance Developer Kit
Asterisk Business Edition
Asterisk Open Source
Asterisk S800I
AsteriskNOW