Vulnonym.org

CVE-2008-2119 - Speedless Partner

Description

Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.

Reference

http://bugs.digium.com/view.php?id=12607
http://downloads.digium.com/pub/security/AST-2008-008.html
http://svn.digium.com/view/asterisk?view=rev&revision=120109
http://secunia.com/advisories/30517
http://www.securitytracker.com/id?1020166
http://security.gentoo.org/glsa/glsa-200905-01.xml
http://secunia.com/advisories/34982
http://www.vupen.com/english/advisories/2008/1731
https://exchange.xforce.ibmcloud.com/vulnerabilities/42823
https://www.exploit-db.com/exploits/5749
http://www.securityfocus.com/archive/1/493020/100/0/threaded