Check Point Reference: | CPAI-2007-077 |
Date Published: | 10 Jul 2007 |
Severity: | Medium |
Last Updated: | Monday 01 January, 2007 |
Source: | Secunia Advisory: SA24579 |
Industry Reference: | CVE-2007-1594 |
Protection Provided by: | |
Who is Vulnerable? | Digium Asterisk 1.2.x prior to 1.2.18; Digium Asterisk 1.4.x prior to 1.4.3; Digium Asterisk Appliance Developer Kit 0.x.x prior to 0.4.0; Digium Asterisk Business Edition A.x.x, all releases; Digium Asterisk Business Edition B.x.x prior to and including B.1.3.2; Digium AsteriskNOW prior to and including Beta 5 |
Vulnerability Description | A denial of service vulnerability has been discovered in Digium Asterisk. Asterisk is an open source telephone system. It supports a wide range of Voice over IP (VOIP) protocols, including SIP. SIP (Session Initiation Protocol) is a protocol that can establish, modify, and terminate numerous multimedia sessions. A remote attacker can exploit this issue to crash the vulnerable service. |
Update/Patch Available | Upgrade to Asterisk 1.4.7: http://www.asterisk.org/downloads |
Vulnerability Details | The vulnerability is due to an error in Asterisk's handling of invalid SIP Response messages. A remote attacker may exploit this flaw by sending specially crafted SIP response messages to the target server. Successful exploitation can result in a denial of service condition on the vulnerable server. |