Launchpad.net

CVE 2009-4055

rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length.

Related bugs and status

CVE-2009-4055 (Candidate) is related to these bugs:

Bug #491632: ACL not respected on SIP INVITE

Summary				In	Importance	Status
	491632	ACL not respected on SIP INVITE		asterisk (Ubuntu)	Undecided	Fix Released
	491632	ACL not respected on SIP INVITE		asterisk (Ubuntu Karmic)	Undecided	Fix Released

Bug #491637: SIP responses expose valid usernames

		In	Importance	Status
491637	SIP responses expose valid usernames	asterisk (Ubuntu)	Undecided	Fix Released
491637	SIP responses expose valid usernames	asterisk (Ubuntu Dapper)	Undecided	Won't Fix
491637	SIP responses expose valid usernames	asterisk (Ubuntu Hardy)	Undecided	Won't Fix
491637	SIP responses expose valid usernames	asterisk (Ubuntu Intrepid)	Undecided	Invalid
491637	SIP responses expose valid usernames	asterisk (Ubuntu Jaunty)	Undecided	Won't Fix
491637	SIP responses expose valid usernames	asterisk (Ubuntu Karmic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-4055

Related bugs and status

Related bugs

References