CVE-2008-1289
Asterisk Open Source <1.4.18.1-1.6.0-beta6 - Buffer Overflow
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-1289. PoCs published by Mu Security research.
AI-analyzed exploit summary The provided text describes a buffer overflow vulnerability in Asterisk (CVE-2008-1289) due to inadequate boundary checks on user-supplied SDP payloads. It includes example payloads that could trigger the vulnerability but does not contain executable exploit code.
Description
Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.
Exploits (1)
The provided text describes a buffer overflow vulnerability in Asterisk (CVE-2008-1289) due to inadequate boundary checks on user-supplied SDP payloads. It includes example payloads that could trigger the vulnerability but does not contain executable exploit code.