
Asterisk Multiple Vulnerabilities

Last Update Date: 19 Dec 2013 18:10; Release Date: 19 Dec 2013

RISK: Medium Risk

TYPE: Clients - Im, Chat & Voip

TYPE: Im, Chat & Voip

Multiple vulnerabilities have been reported in Asterisk, which can be exploited by malicious people to escalate privileges and cause a DoS (Denial of Service).

 

A 16-bit SMS message that contains an odd message length value causes the message decoding loop to run forever. The message buffer is not on the stack, but it is overflowed, resulting in corrupted memory and an immediate crash.
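
The decoding-loop failure described above, as an added example (not Asterisk's code or its patch): `flawed_units` simulates, without touching memory, a length counter that is decremented twice per 16-bit unit, and `decode16_checked` is one way to reject such input before decoding. The function names, the 8-bit counter width, and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Flawed counter pattern, simulated without touching memory: the length is
 * decremented twice per 16-bit unit. Returns units counted, stopping at cap. */
static size_t flawed_units(uint8_t len, size_t cap)
{
    size_t units = 0;
    while (len-- && units < cap) {   /* first octet of the unit */
        if (len--) {                 /* odd length: 0 wraps to 255 here */
            /* a real decoder would read the second octet here */
        }
        units++;                     /* a real decoder would store one value */
    }
    return units;
}

/* Checked decoder: rejects odd lengths and output that would not fit.
 * Returns the number of 16-bit units written, or -1 if rejected. */
static int decode16_checked(const uint8_t *in, size_t in_len,
                            uint16_t *out, size_t out_cap)
{
    if (in_len % 2 != 0 || in_len / 2 > out_cap)
        return -1;
    for (size_t k = 0; k < in_len; k += 2)
        out[k / 2] = (uint16_t)((in[k] << 8) | in[k + 1]);
    return (int)(in_len / 2);
}

int main(void)
{
    /* Constructed sample: "Hi" as big-endian 16-bit units plus a stray octet. */
    const uint8_t msg[] = { 0x00, 0x48, 0x00, 0x69, 0x00 };
    uint16_t out[8];
    printf("flawed, len 4: %zu units\n", flawed_units(4, 1000));
    printf("flawed, len 5: %zu units (cap hit)\n", flawed_units(5, 1000));
    printf("checked, len 4: %d\n", decode16_checked(msg, 4, out, 8));
    printf("checked, len 5: %d\n", decode16_checked(msg, 5, out, 8));
    return 0;
}
```

With an even length the flawed counter stops after `len / 2` units; with an odd length it only stops because of the simulation's cap, which is the point at which a real decoder would already have written past its buffer.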


Impact

  • Denial of Service
  • Elevation of Privilege

System / Technologies affected

  • Asterisk Open Source version 1.8.x, 10.x, 11.x
  • Certified Asterisk version 1.8.x, 11.x
  • Asterisk with Digiumphones version 10.x-digiumphones

 


Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Update to the patched versions:
    • Asterisk Open Source version 1.8.24.1, 10.12.4, 11.6.1
    • Asterisk with Digiumphones version 10.12.4-digiumphones
    • Certified Asterisk version 1.8.15-cert4, 11.2-cert3

Vulnerability Identifier

  • No CVE information is available
