Asterisk & IAX Client Library Buffer Overflow Advisories
June 13th, 2006 by Dustin D. Trammell
Core Security released two advisories on the 9th (1, 2) covering buffer overflow vulnerabilities related to short UDP packets in two pieces of software: the Asterisk Open Source IPBX, and applications that use the IAX client library, which provides an IAX/IAX2 protocol stack for 3rd party applications. Both vulnerabilities center around the IAX2 protocol and truncated UDP frames.
A press release from yesterday which summarizes the advisories from Core can be found here.
Updated software releases and/or patches are now available; these are the same patches that David Endler posted about earlier this week.
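The defensive check that truncated IAX2 frames call for, shown as an added example (not code from Asterisk, the IAX client library, or the Core advisories): the datagram length is validated against the header size before any field is read. The header sizes follow RFC 5456; the struct, enum and function names are hypothetical, the sample bytes are constructed, and meta frames are reported rather than parsed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IAX2_FULL_HDR_LEN 12 /* full frame header size (RFC 5456) */
#define IAX2_MINI_HDR_LEN 4  /* mini frame header size (RFC 5456) */

enum iax2_kind { IAX2_META_UNHANDLED = -2, IAX2_TRUNCATED = -1, IAX2_MINI = 0, IAX2_FULL = 1 };

struct iax2_hdr {            /* hypothetical struct for this example */
    uint16_t src_call;       /* 15-bit source call number */
    uint16_t dst_call;       /* 15-bit destination call number (full frames only) */
    uint32_t timestamp;      /* 32 bits in a full frame, 16 bits in a mini frame */
    uint8_t  oseqno, iseqno, frametype, subclass; /* full frames only */
    size_t   payload_len;    /* bytes following the header */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse one received UDP datagram; len is the byte count reported by recvfrom(). */
enum iax2_kind iax2_parse_header(const uint8_t *buf, size_t len, struct iax2_hdr *out)
{
    if (buf == NULL || out == NULL || len < IAX2_MINI_HDR_LEN)
        return IAX2_TRUNCATED;            /* too short for any IAX2 header */
    int full = (buf[0] & 0x80) != 0;      /* F bit selects the header layout */
    size_t need = full ? IAX2_FULL_HDR_LEN : IAX2_MINI_HDR_LEN;
    if (len < need)
        return IAX2_TRUNCATED;            /* F bit set but fewer than 12 bytes */
    uint16_t src = rd16(buf) & 0x7fff;
    if (!full && src == 0)
        return IAX2_META_UNHANDLED;       /* meta frame: different layout, not parsed */
    *out = (struct iax2_hdr){0};
    out->src_call = src;
    if (full) {
        out->dst_call  = rd16(buf + 2) & 0x7fff;
        out->timestamp = ((uint32_t)rd16(buf + 4) << 16) | rd16(buf + 6);
        out->oseqno = buf[8];  out->iseqno = buf[9];
        out->frametype = buf[10];  out->subclass = buf[11];
    } else {
        out->timestamp = rd16(buf + 2);
    }
    out->payload_len = len - need;        /* cannot underflow: len >= need */
    return full ? IAX2_FULL : IAX2_MINI;
}

int main(void)
{
    /* Constructed sample: full frame header with the F bit set, then cut short. */
    const uint8_t pkt[] = {0x80, 0x01, 0x00, 0x02, 0, 0, 0, 10, 1, 2, 6, 11};
    struct iax2_hdr h;
    printf("12 bytes -> %d\n", iax2_parse_header(pkt, sizeof pkt, &h));
    printf(" 6 bytes -> %d\n", iax2_parse_header(pkt, 6, &h));
    return 0;
}
```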
