Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Preemptive Protection against Digium Asterisk SIP Invalid Response Code Denial of Service Vulnerability

Subscribe

Check Point Reference: CPAI-2007-077
Date Published:
Severity:
Source: Secunia Advisory: SA24579
Industry Reference(s):

CVE-2007-1594
Protection Provided by: VPN-1
  • NGX R65
  • NGX R62
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55W
  • NG with Application Intelligence R55
  • NG with Application Intelligence R54
VSX
  • NGX
Who is Vulnerable?
Digium Asterisk 1.2.x prior to 1.2.18
Digium Asterisk 1.4.x prior to 1.4.3
Digium Asterisk Appliance Developer Kit 0.x.x prior to 0.4.0
Digium Asterisk Business Edition A.x.x all releases
Digium Asterisk Business Edition B.x.x prior and including B.1.3.2
Digium AsteriskNOW Prior and including Beta 5
Vulnerability Description
A denial of service vulnerability has been discovered in Digium Asterisk. Asterisk is an open source telephone system. It supports a wide range of Voice over IP (VOIP) protocols, including SIP. SIP (Session Initiation Protocol) is a protocol that can establish, modify, and terminate numerous multimedia sessions. A remote attacker can exploit this issue to crash the vulnerable service.
Update/Patch Available
Upgrade to Asterisk 1.4.7:
http://www.asterisk.org/downloads
Vulnerability Details
The vulnerability is due to an error in Asterisk that fails to properly handle invalid SIP Response messages. A remote attacker may exploit this flaw via a specially crafted SIP response messages sent to the target server. Successful exploitation can result in a denial of service condition in the vulnerable server.

Protection Overview
By creating a new rule for SIP, it will detect and block invalid and malformed SIP response messages sent to the server. No update is required to address this vulnerability.

To configure the defense, select your product from the list below and follow the related protection steps.

VPN-1 NGX R65, R62, R61, R60, VPN-1 NG with Application Intelligence R55W, R55/R54 and VPN-1 VSX NGX

How Can I Protect My Network?
1. In the Security tab, add a new rule.
2. Under Service field, right click the value field > Add, and choose the UDP service sip.



3. Under Action field, right click the value field > Accept.
4. Configure the rest of the rule fields in accordance to your network policy.



5. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: SIP Content Security Violation
Attack Information: Unknown SIP message type