[VOIPSEC] Asterisk SIP Channel Handler Denial-of-Service
Ted Westerbeek
ted.westerbeek at gmail.com
Mon Mar 19 04:58:38 CDT 2007
Gents,
FYI
From SANS @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 11
(3) MODERATE: Asterisk SIP Channel Handler Denial-of-Service
Affected:
Asterisk versions prior to 1.2.16 and 1.4.1
Description: Asterisk, a popular open source Voice-over-IP (VoIP)
solution, contains a denial-of-service condition. A specially-crafted
Session Initiation Protocol (SIP) request to a vulnerable Asterisk
server could trigger this condition. Successfully exploiting this
condition could lead to phone system outages or other phone system
instabilities. A working exploit and technical details for this
vulnerability are publicly available.
Status: Asterisk confirmed, updates available.
References:
Asterisk Release Announcements
http://asterisk.org/node/48319
http://asterisk.org/node/48320
Thanks,
Ted