|
|
Info |
Last Modified |
| 9 months ago |
|
|
|
|
Description |
Asterisk PBX contains a flaw that may allow a remote denial of service. The issue is triggered when a malformed SIP REGISTER packet is sent to the affected application without a SIP URI and version header in the request. This will result in a null pointer dereference and a loss of availability for the Asterisk PBX service.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Denial of Service,
Input Manipulation
Impact:
Loss of Availability
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Solution |
Upgrade to Asterisk PBX release 1.4.1 or 1.2.16 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
|
Asterisk
 |
1.2.0-beta1 |
1.4.0 |
1.2.15 |
1.2.14 |
1.2.13 |
1.2.12.1 |
1.2.12 |
1.2.11 |
1.2.10 |
1.2.9.1 |
1.2.9 |
1.2.8 |
1.2.7.1 |
1.2.7 |
1.2.6 |
1.2.5 |
1.2.4 |
1.2.3 |
1.2.2 |
1.2.1 |
1.2.0 |
1.2.0-beta2 |
1.2.0-rc1 |
1.2.0-rc2 |
1.4.0-beta1 |
1.4.0-beta2 |
1.4.0-beta3 |
1.4.0-beta4 |
|
|
|
|
|
|
|
Credit |
- Mu Security - Mu Security
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
