OSVDB ID: 34479

Title: Asterisk Malformed SIP INVITE Request DoS

Info

Disclosure
Mar 21, 2007

Discovery
Unknown

Dates

Exploit
Mar 24, 2007

Solution
Unknown

Description

 Asterisk PBX contains a flaw that may allow a remote denial of service. The issue is triggered when a malformed SIP INVITE message containing two SDP headers is sent to the affected application. To exploit this issue, the first header must contain a valid IP address where the second must contain an invalid one. This will result in loss of availability for the asterisk service.

Classification

 Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified

Solution

 Upgrade to version 1.2.17 or 1.4.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Digium

Asterisk

 1.4.0
1.4.1
1.2.16
1.2.15
1.2.14
1.2.13
1.2.12
1.2.10
1.2.9
1.2.8
1.2.7
1.2.6
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1
1.2.0

References

Credit
  • Humberto J. Abdelnur -   -
  • Radu State -   -
  • Olivier Festor -   -


Direct URL: http://osvdb.org/34479