1
Candidate: CVE-2011-4598
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4598
5
http://downloads.asterisk.org/pub/security/AST-2011-014.html
7
The handle_request_info function in channels/chan_sip.c in Asterisk Open
8
Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is
9
enabled, allows remote attackers to cause a denial of service (NULL pointer
10
dereference and daemon crash) via a crafted sequence of SIP requests.
14
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651552
16
Discovered-by: Kristijan Vrban
20
patch: http://downloads.asterisk.org/pub/security/AST-2011-014-1.6.2.diff
21
patch: http://downloads.asterisk.org/pub/security/AST-2011-014-1.8.diff
22
vendor: http://www.debian.org/security/2011/dsa-2367
23
upstream_asterisk: released (1.6.2.21, 1.8.7.2)
24
hardy_asterisk: not-affected
25
lucid_asterisk: ignored (reached end-of-life)
26
maverick_asterisk: ignored (reached end-of-life)
27
natty_asterisk: ignored (reached end-of-life)
28
oneiric_asterisk: ignored (reached end-of-life)
29
precise_asterisk: not-affected (1:1.8.10.1~dfsg-1ubuntu1)
30
quantal_asterisk: not-affected
31
raring_asterisk: not-affected
32
saucy_asterisk: not-affected
33
devel_asterisk: not-affected