Info

Disclosure

Oct 30, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Asterisk contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in the SIP channel driver within the handling of malformed SIP packets, and will result in loss of availability for the service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Concern

Solution

Upgrade to version 1.0.12, 1.2.13 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Asterisk	Asterisk	1.0
		1.2

References

CVE ID: 2006-5445 (see also: NVD)
Secunia Advisory ID: 22480 22651 22979
SCIP VulDB ID: 2488
ISS X-Force ID: 29664
Related OSVDB ID: 29972
VUPEN Advisory: ADV-2006-4098
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0649.html
Vendor Specific News/Changelog Entry: http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13
http://www.asterisk.org/node/109
http://www.asterisk.org/node/110
Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Nov/0006.html
http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml
Vendor URL: http://www.asterisk.org/

Credit

Jesus Oquendo -

Direct URL: http://osvdb.org/29973