Digium Asterisk SIP Channel Driver Denial Of Service - High Confidence (CVE-2011-4063)

Vulnerability
Protection

Check Point Reference:	CPAI-2013-1624
Date Published:
Severity:
Source:	Secunia
Industry Reference(s):	CVE-2011-4063
Protection Provided by:	Security Gateway R75
Who is Vulnerable? Digium Asterisk Open Source 1.8 prior to 1.8.7.1 Digium Asterisk Open Source 10.x
Vulnerability Description A denial of service vulnerability has been reported in Digium Asterisk.

Vulnerability Details
The vulnerability is due to an error in Asterisk's SIP channel driver while handling malformed REGISTER requests. A remote attacker may exploit this vulnerability by sending a specially crafted REGISTER request to an affected Asterisk server. Successful exploitation could cause the application to crash, resulting in a denial of service condition.

Protection Overview
This protection will detect and block the transferring of a malicious SIP request.

In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R75 / R71 / R70

How Can I Protect My Network?

In the IPS tab, click Protections and find the Digium Asterisk SIP Channel Driver Denial Of Service - High Confidence protection using the Search tool and Edit the protection's settings.
Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: VoIP Enforcement Violation
Attack Information: Digium Asterisk SIP Channel Driver Denial Of Service - High Confidence

Legal Notice for Threat Center Advisories