Preemptive Protection against Digium Asterisk SIP Invalid Response Code Denial of Service Vulnerability
| Check Point Reference: | CPAI-2007-077 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA24579 | |
| Industry Reference(s): | CVE-2007-1594 |
|
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Digium Asterisk 1.2.x prior to 1.2.18 Digium Asterisk 1.4.x prior to 1.4.3 Digium Asterisk Appliance Developer Kit 0.x.x prior to 0.4.0 Digium Asterisk Business Edition A.x.x all releases Digium Asterisk Business Edition B.x.x prior and including B.1.3.2 Digium AsteriskNOW Prior and including Beta 5 | ||
| Vulnerability Description A denial of service vulnerability has been discovered in Digium Asterisk. Asterisk is an open source telephone system. It supports a wide range of Voice over IP (VOIP) protocols, including SIP. SIP (Session Initiation Protocol) is a protocol that can establish, modify, and terminate numerous multimedia sessions. A remote attacker can exploit this issue to crash the vulnerable service. |
||
|
Update/Patch Available Upgrade to Asterisk 1.4.7: http://www.asterisk.org/downloads |
|
|
Vulnerability Details The vulnerability is due to an error in Asterisk that fails to properly handle invalid SIP Response messages. A remote attacker may exploit this flaw via a specially crafted SIP response messages sent to the target server. Successful exploitation can result in a denial of service condition in the vulnerable server. |
Protection Overview
By creating a new rule for SIP, it will detect and block invalid and malformed SIP response messages sent to the server. No update is required to address this vulnerability.
To configure the defense, select your product from the list below and follow the related protection steps.
VPN-1 NGX R65, R62, R61, R60, VPN-1 NG with Application Intelligence R55W, R55/R54 and VPN-1 VSX NGX
How Can I Protect My Network?
1. In the Security tab, add a new rule.
2. Under Service field, right click the value field > Add, and choose the UDP service sip.
3. Under Action field, right click the value field > Accept.
4. Configure the rest of the rule fields in accordance to your network policy.
5. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: SIP Content Security Violation
Attack Information: Unknown SIP message type