[v2.4] asterisk: (1) Buffer Overflow and (2) User Dialplan Permission Escalation
Asterisk Project Security Advisory - AST-2013-006
http://seclists.org/fulldisclosure/2013/Dec/139
Asterisk Project Security Advisory - AST-2013-007
http://seclists.org/fulldisclosure/2013/Dec/140
See the parent task for details.
(from redmine: issue id 2504, created on 2013-12-17, closed on 2013-12-17)
- Relations:
  - parent #2503 (closed)
- Changesets:
  - Revision 8ccfac3c by Timo Teräs on 2013-12-17T13:00:31Z:
main/asterisk: security upgrade to 10.12.4
fixes #2504
AST-2013-002, CVE-2013-2686: DoS in HTTP server
AST-2013-003, CVE-2013-2264: Username disclosure in SIP
AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP
AST-2013-005: Remote Crash when Invalid SDP is sent in SIP Request
AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message
AST-2013-007: Asterisk Manager User Dialplan Permission Escalation