Asterisk Product Denial of Service Vulnerabilities

Last Update Date: 10 Jul 2012 Release Date: 9 Jul 2012 4380 Views

RISK: Medium Risk

Medium Risk

TYPE: Clients - Im, Chat & Voip

TYPE: Im, Chat & Voip

Multiple vulnerabilities has been identified in Asterisk, which can be exploited by remote authenticated user to denial of service attack.

  1. A remote authenticated user can respond to a re-invite with a provisional response and not send a final response to cause the remote system to fail to clear the RTP port. This can be exploited to consume all available RTP ports on the target system
  2. Two remote authenticated users can manipulate a single voicemail account simultaneously to trigger a double free memory error or out-of-bounds array access error and the target service to crash.

Impact

  • Denial of Service

System / Technologies affected

  • Asterisk Open Source 1.8.x and prior
  • Asterisk Open Source 10.x and prior
  • Asterisk Business Edition C.3.x and prior
  • Certified Asterisk 1.8.11-certx and prior
  • Asterisk Digiumphones 10.x.x-digiumphones and prior

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to Asterisk 1.8 or Asterisk 10.

Vulnerability Identifier

Source

 

Related Link

Share with

Previous

Pidgin MXit Message Parsing Buffer Overflow Vulnerability

9 Jul 2012 4311 Views

Next

Microsoft IIS Web Server Discloses Sensitive Information Vulnerability

9 Jul 2012 4757 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY