Skip to main content

Asterisk Denial of Service and Buffer Overflow Vulnerabilities

Last Update Date: 19 Mar 2012 12:12 Release Date: 19 Mar 2012 5280 Views

RISK: High Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

Multiple vulnerabilities have been identified in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

  1. An error in the Milliwatt application within the "milliwatt_generate()" function (apps/app_milliwatt.c) when copying internal data samples can be exploited to cause a crash via specially crafted packets.
  2. An error in the "ast_parse_digest()" function (main/utils.c) when handling "HTTP Digest Authentication" information can be exploited to cause a stack-based buffer overflow via an overly long string.

Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Asterisk 1.x
  • Asterisk 10.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to fixed version

Vulnerability Identifier

  • No CVE information is available

Source


Related Link