Asterisk Product Denial of Service Vulnerabilities
Last Update Date: 10 Jul 2012
Release Date: 9 Jul 2012
RISK: Medium Risk
TYPE: Clients - IM, Chat & VoIP
Multiple vulnerabilities have been identified in Asterisk, which can be exploited by a remote authenticated user to cause a denial of service.
- A remote authenticated user can respond to a re-invite with a provisional response and not send a final response, causing the remote system to fail to clear the RTP port. This can be exploited to consume all available RTP ports on the target system.
- Two remote authenticated users can manipulate a single voicemail account simultaneously to trigger a double free memory error or an out-of-bounds array access error, causing the target service to crash.
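On the wire, the RTP port issue in the first item appears as re-INVITE transactions that receive a provisional (1xx) response and never a final one. The Python below is an added example, not part of the original advisory or of Asterisk, that flags such transactions in SIP traffic for monitoring; the sample messages, the function names and the 30-second threshold are assumptions made for illustration.

```python
import re

# Constructed sample traffic: (seconds, raw SIP message). Not captured from a real system.
def _msg(start, call_id, cseq, to_tag="abc"):
    to = "To: <sip:bob@example.invalid>" + (f";tag={to_tag}" if to_tag else "")
    return f"{start}\r\n{to}\r\nCall-ID: {call_id}\r\nCSeq: {cseq} INVITE\r\n\r\n"

SAMPLE = [
    (0, _msg("INVITE sip:bob@example.invalid SIP/2.0", "call-1", 2)),  # re-INVITE
    (1, _msg("SIP/2.0 180 Ringing", "call-1", 2)),                     # provisional, then silence
    (5, _msg("INVITE sip:bob@example.invalid SIP/2.0", "call-2", 2)),  # re-INVITE
    (6, _msg("SIP/2.0 100 Trying", "call-2", 2)),
    (7, _msg("SIP/2.0 200 OK", "call-2", 2)),                          # final response: normal
    (8, _msg("INVITE sip:bob@example.invalid SIP/2.0", "call-3", 1, to_tag=None)),  # initial INVITE
    (9, _msg("SIP/2.0 180 Ringing", "call-3", 1)),
]

def _header(raw, name):
    m = re.search(rf"^{re.escape(name)}\s*:\s*(.+?)\s*$", raw, re.I | re.M)
    return m.group(1) if m else None

def find_stalled_reinvites(messages, now, timeout=30):
    """Return Call-IDs of re-INVITEs that got a 1xx but no final response within `timeout` s."""
    pending = {}  # (Call-ID, CSeq number) -> [time of re-INVITE, provisional seen?]
    for ts, raw in sorted(messages, key=lambda m: m[0]):
        start = raw.split("\r\n", 1)[0]
        cseq = (_header(raw, "CSeq") or "").split()
        if len(cseq) != 2 or cseq[1].upper() != "INVITE":
            continue  # only INVITE transactions are of interest
        key = (_header(raw, "Call-ID"), cseq[0])
        if start.startswith("INVITE "):
            # A To tag on the request means it is sent inside an existing dialog: a re-INVITE.
            if ";tag=" in (_header(raw, "To") or "").lower():
                pending[key] = [ts, False]
        elif start.startswith("SIP/2.0 ") and key in pending:
            code = int(start.split()[1])
            if code < 200:
                pending[key][1] = True   # provisional response seen
            else:
                del pending[key]         # final response closes the transaction
    return sorted(k[0] for k, (ts, prov) in pending.items() if prov and now - ts >= timeout)
```

A steadily growing result from a single authenticated peer is the pattern to alert on; the threshold should be tuned to the deployment.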
Impact
- Denial of Service
System / Technologies affected
- Asterisk Open Source 1.8.x and prior
- Asterisk Open Source 10.x and prior
- Asterisk Business Edition C.3.x and prior
- Certified Asterisk 1.8.11-certx and prior
- Asterisk Digiumphones 10.x.x-digiumphones and prior
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Update to Asterisk 1.8 or Asterisk 10.
Vulnerability Identifier
Source
Related Link