Asterisk Denial of Service and Buffer Overflow Vulnerabilities

Last Update Date: 19 Mar 2012 12:12

Release Date: 19 Mar 2012

RISK: High Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities have been identified in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

  1. An error in the Milliwatt application within the "milliwatt_generate()" function (apps/app_milliwatt.c) when copying internal data samples can be exploited to cause a crash via specially crafted packets.
  2. An error in the "ast_parse_digest()" function (main/utils.c) when handling "HTTP Digest Authentication" information can be exploited to cause a stack-based buffer overflow via an overly long string.
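The defect class in item 2, a Digest authentication field copied into a fixed-size stack buffer without a length check, is avoided by checking the value length before copying. The following is an added illustration, not Asterisk's code and not the vendor's patch; `digest_get_param()`, its result codes and the sample header are hypothetical names and constructed input.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical result codes for this example. */
enum { DIGEST_OK = 0, DIGEST_MISSING = -1, DIGEST_MALFORMED = -2, DIGEST_TOO_LONG = -3 };
/* Copy the value of parameter `key` from a Digest header into out[outlen].
 * The length is checked before any byte is written, so an overly long value
 * is rejected. Simplified: case-sensitive names, \" escapes not decoded. */
int digest_get_param(const char *hdr, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    const char *p = hdr;
    if (outlen == 0)
        return DIGEST_TOO_LONG;
    out[0] = '\0';
    while (*p) {
        p += strspn(p, " \t,");                  /* skip separators */
        const char *name = p;
        p += strcspn(p, "= \t,");                /* end of name or scheme word */
        if (*p != '=')
            continue;                            /* e.g. the leading "Digest" */
        size_t nlen = (size_t)(p - name), vlen;
        const char *val = ++p;
        if (*val == '"') {                       /* quoted-string value */
            const char *end = strchr(++val, '"');
            if (end == NULL)
                return DIGEST_MALFORMED;         /* unterminated quote */
            vlen = (size_t)(end - val);
            p = end + 1;
        } else {                                 /* bare token value */
            vlen = strcspn(val, ", \t");
            p = val + vlen;
        }
        if (nlen != klen || strncmp(name, key, klen) != 0)
            continue;                            /* "nonce" must not match "cnonce" */
        if (vlen >= outlen)
            return DIGEST_TOO_LONG;              /* no room for value plus NUL */
        memcpy(out, val, vlen);
        out[vlen] = '\0';
        return DIGEST_OK;
    }
    return DIGEST_MISSING;
}

int main(void)
{
    char user[16];                               /* constructed sample header below */
    const char *hdr = "Digest username=\"alice\", nonce=\"abc123\"";
    int rc = digest_get_param(hdr, "username", user, sizeof user);
    printf("rc=%d user=%s\n", rc, user);
}
```

A caller should treat `DIGEST_TOO_LONG` and `DIGEST_MALFORMED` as grounds to reject the request rather than truncating the field and continuing.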

Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Asterisk 1.x
  • Asterisk 10.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Update to fixed version

Vulnerability Identifier

  • No CVE information is available
