<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
It's funny. The link <br>
<pre wrap=""> Links | <a class="moz-txt-link-freetext" href="https://issues.asterisk.org/jira/browse/ASTERISK-19202">https://issues.asterisk.org/jira/browse/ASTERISK-19202</a>
Produces:
</pre>
<div id="main-content">
<div class="active-area">
<h2>Permission Violation</h2>
<p class="notify warn">It seems that you have tried to perform
an operation which you are not permitted to perform.</p>
<p> If you think this message is wrong, please consult your
administrators about getting the necessary permissions. </p>
</div>
</div>
<br>
On 1/19/2012 5:40 PM, Asterisk Security Team wrote:
<blockquote
cite="mid:201201192333.q0JNXKpN015312@mjordan-desktop.digium.internal"
type="cite">
<pre wrap="">            Asterisk Project Security Advisory - AST-2012-001

+------------------------------------------------------------------------+
| Product              | Asterisk                                        |
|----------------------+-------------------------------------------------|
| Summary              | SRTP Video Remote Crash Vulnerability           |
|----------------------+-------------------------------------------------|
| Nature of Advisory   | Denial of Service                               |
|----------------------+-------------------------------------------------|
| Susceptibility       | Remote unauthenticated sessions                 |
|----------------------+-------------------------------------------------|
| Severity             | Moderate                                        |
|----------------------+-------------------------------------------------|
| Exploits Known       | No                                              |
|----------------------+-------------------------------------------------|
| Reported On          | 2012-01-15                                      |
|----------------------+-------------------------------------------------|
| Reported By          | Catalin Sanda                                   |
|----------------------+-------------------------------------------------|
| Posted On            | 2012-01-19                                      |
|----------------------+-------------------------------------------------|
| Last Updated On      | January 19, 2012                                |
|----------------------+-------------------------------------------------|
| Advisory Contact     | Joshua Colp < jcolp AT digium DOT com >         |
|----------------------+-------------------------------------------------|
| CVE Name             |                                                 |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Description  | An attacker attempting to negotiate a secure video      |
|              | stream can crash Asterisk if video support has not been |
|              | enabled and the res_srtp Asterisk module is loaded.     |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Resolution | Upgrade to one of the versions of Asterisk listed in the  |
|            | "Corrected In" section, or apply a patch specified in the |
|            | "Patches" section.                                        |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Affected Versions                                                      |
|------------------------------------------------------------------------|
| Product                       | Release Series |                       |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source          | 1.8.x          | All versions          |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source          | 10.x           | All versions          |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Corrected In                                                           |
|------------------------------------------------------------------------|
| Product                                  | Release                     |
|------------------------------------------+-----------------------------|
| Asterisk Open Source                     | 1.8.8.2                     |
|------------------------------------------+-----------------------------|
| Asterisk Open Source                     | 10.0.1                      |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Patches                                                                |
|------------------------------------------------------------------------|
| SVN URL                                                         |Branch|
|-----------------------------------------------------------------+------|
|<a class="moz-txt-link-freetext" href="http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff">http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff</a> |v1.8  |
|-----------------------------------------------------------------+------|
|<a class="moz-txt-link-freetext" href="http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff">http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff</a>  |v10   |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Links      | <a class="moz-txt-link-freetext" href="https://issues.asterisk.org/jira/browse/ASTERISK-19202">https://issues.asterisk.org/jira/browse/ASTERISK-19202</a>    |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at                     |
| <a class="moz-txt-link-freetext" href="http://www.asterisk.org/security">http://www.asterisk.org/security</a>                                       |
|                                                                        |
| This document may be superseded by later versions; if so, the latest   |
| version will be posted at                                              |
| <a class="moz-txt-link-freetext" href="http://downloads.digium.com/pub/security/AST-2012-001.pdf">http://downloads.digium.com/pub/security/AST-2012-001.pdf</a> and          |
| <a class="moz-txt-link-freetext" href="http://downloads.digium.com/pub/security/AST-2012-001.html">http://downloads.digium.com/pub/security/AST-2012-001.html</a>             |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Revision History                                                       |
|------------------------------------------------------------------------|
| Date            | Editor             | Revisions Made                  |
|-----------------+--------------------+---------------------------------|
| 12-01-19        | Joshua Colp        | Initial release                 |
+------------------------------------------------------------------------+

Asterisk Project Security Advisory - AST-2012-001
Copyright (c) 2012 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
</pre>
</blockquote>
</body>
</html>