Asterisk Denial of Service and Buffer Overflow Vulnerabilities
Last Update Date: 19 Mar 2012 12:12
Release Date: 19 Mar 2012
RISK: High Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities have been identified in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
- An error in the Milliwatt application within the "milliwatt_generate()" function (apps/app_milliwatt.c) when copying internal data samples can be exploited to cause a crash via specially crafted packets.
- An error in the "ast_parse_digest()" function (main/utils.c) when handling "HTTP Digest Authentication" information can be exploited to cause a stack-based buffer overflow via an overly long string.
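
The second item is an instance of copying an attacker-controlled header value into a fixed-size stack buffer without checking its length. The C sketch below is an added example, not Asterisk's code and not the vendor's fix; the helper name `digest_get_param`, its return codes and the sample header are assumptions made for illustration. It shows the defensive pattern for Digest parameters: measure the value first and reject it when it does not fit.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Asterisk's code: copy the value of `key` from a
 * Digest header into out[outlen]. Returns 0 on success, -1 if the key is
 * missing or malformed, -2 if the value does not fit (rejected, never
 * truncated). Assumes quoted values contain no escaped quotes. The unsafe
 * counterpart is an unbounded strcpy() into the same fixed-size buffer. */
int digest_get_param(const char *hdr, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key), vlen;
    const char *p = hdr, *end;
    if (outlen == 0 || klen == 0)
        return -1;
    out[0] = '\0';
    while ((p = strstr(p, key)) != NULL) {
        /* Accept only a whole parameter name that is followed by '='. */
        int at_start = (p == hdr) || p[-1] == ' ' || p[-1] == ',';
        if (at_start && p[klen] == '=')
            break;
        p += klen;
    }
    if (p == NULL)
        return -1;
    p += klen + 1;
    if (*p == '"') {                      /* quoted-string value */
        end = strchr(++p, '"');
        if (end == NULL)
            return -1;                    /* unterminated quote */
    } else {                              /* bare token value */
        end = p + strcspn(p, ", \t\r\n");
    }
    vlen = (size_t)(end - p);
    if (vlen >= outlen)
        return -2;                        /* overly long value: refuse */
    memcpy(out, p, vlen);
    out[vlen] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample header, not taken from the advisory. */
    const char *hdr = "Digest username=\"alice\", realm=\"asterisk\", nonce=\"4f2a\"";
    char user[16];
    int rc = digest_get_param(hdr, "username", user, sizeof user);
    printf("rc=%d username=%s\n", rc, user);
    return 0;
}
```

Rejecting an oversized value, rather than silently truncating it, also keeps a shortened username or nonce from being passed on to the authentication check.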
Impact
- Denial of Service
- Remote Code Execution
System / Technologies affected
- Asterisk 1.x
- Asterisk 10.x
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Update to fixed version
Vulnerability Identifier
- No CVE information is available