Debian Security Advisory DSA 2171-1 (asterisk) Network Vulnerability

Summary

The remote host is missing an update to asterisk announced via advisory DSA 2171-1.

Solution

For the oldstable distribution (lenny), this problem has been fixed in version 1.4.21.2~dfsg-3+lenny2. For the stable distribution (squeeze), this problem has been fixed in version 1.6.2.9-2+squeeze1. The unstable distribution (sid) will be fixed soon. We recommend that you upgrade your asterisk packages. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202171-1

Insight

Matthew Nicholson discovered a buffer overflow in the SIP channel driver of Asterisk, an open source PBX and telephony toolkit, which could lead to the execution of arbitrary code.

Severity

Classification

CVE CVE-2011-0495

CVSS	Base Score: 6.0 AV:N/AC:M/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1135-1 (libtunepimp)
Debian Security Advisory DSA 088-1 (fml)
Debian Security Advisory DSA 1064-1 (cscope)
Debian Security Advisory DSA 092-1 (wmtv)
Debian Security Advisory DSA 083-1 (procmail)

Take action and discover your vulnerabilities