Over on Bugtraq, another Asterisk vulnerability has been announced. Several buffer overflows affect the version below:
Package / Vulnerable / Unaffected
1 net-misc/asterisk = 1.2.17-r1
This one comes with an admonishment to upgrade to the latest patch:
All Asterisk users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.2.17-r1"
This is the link to the announcement at Gentoo Linux. I was hoping to find the link to the actual patch over at Asterisk, but I don’t see the right reference yet. The CVE #’s are all from 2007, but the announcement seems to be from 2008. If anyone finds the link, drop me a line or leave it in the comments.
On a minor note, the Nortel Networks UNIStim IP Phone with firmware version 0604DAS is vulnerable to a ping of death. No patch yet, but keep your eye on Nortel’s Security Advisory site for a response from the company.