Skip to main content

Asterisk Product Denial of Service Vulnerabilities

Last Update Date: 10 Jul 2012 Release Date: 9 Jul 2012 5013 Views

RISK: Medium Risk

TYPE: Clients - Im, Chat & Voip

TYPE: Im, Chat & Voip

Multiple vulnerabilities has been identified in Asterisk, which can be exploited by remote authenticated user to denial of service attack.

  1. A remote authenticated user can respond to a re-invite with a provisional response and not send a final response to cause the remote system to fail to clear the RTP port. This can be exploited to consume all available RTP ports on the target system
  2. Two remote authenticated users can manipulate a single voicemail account simultaneously to trigger a double free memory error or out-of-bounds array access error and the target service to crash.

Impact

  • Denial of Service

System / Technologies affected

  • Asterisk Open Source 1.8.x and prior
  • Asterisk Open Source 10.x and prior
  • Asterisk Business Edition C.3.x and prior
  • Certified Asterisk 1.8.11-certx and prior
  • Asterisk Digiumphones 10.x.x-digiumphones and prior

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to Asterisk 1.8 or Asterisk 10.

Vulnerability Identifier


Source

 


Related Link