Asterisk: IAX2 video frame buffer overflow — GLSA 200606-15

Asterisk contains a bug in the IAX2 channel driver making it vulnerable to the remote execution of arbitrary code.

Affected Packages

net-misc/asterisk on all architectures
Affected versions < 1.0.11_p1
Unaffected versions >= 1.0.11_p1

Background

Asterisk is an open source implementation of a telephone private branch exchange (PBX).

Description

Asterisk fails to properly check the length of truncated video frames in the IAX2 channel driver which results in a buffer overflow.

Impact

An attacker could exploit this vulnerability by sending a specially crafted IAX2 video stream resulting in the execution of arbitrary code with the permissions of the user running Asterisk.

Workaround

Disable public IAX2 support.

Resolution

All Asterisk users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.0.11_p1"

References

Release Date
June 14, 2006

Latest Revision
June 14, 2006: 01

Severity
high

Exploitable
remote

Bugzilla entries