Asterisk PBX NULL Pointer Dereference Overflow Network Vulnerability

Summary

The host contains an service that is prone to a remote buffer overflow. Description : The remote host appears to be runnning Asterisk PBX, an open-source telephone system. The application suffers from a null pointer dereference overflow in the SIP service. When sending an mailformed SIP packet with no URI and version in the request an attacker can trigger a Denial of Service and shutdown the application resulting in a loss of availability.

Solution

Upgrade to Asterisk PBX release 1.4.1 or 1.2.16.

References

http://asterisk.org/node/48319
http://asterisk.org/node/48320
http://labs.musecurity.com/advisories/MU-200703-01.txt
http://www.kb.cert.org/vuls/id/228032

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-1306
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Freeciv Multiple Remote Denial Of Service Vulnerabilities
Adobe Flash Media Server Multiple Denial of Service Vulnerabilities
CUPS Multiple Vulnerabilities - Oct08
CUPS Subscription Incorrectly uses Guest Account DoS Vulnerability
Apple QuickTime Multiple Vulnerabilities - Jun09

Take action and discover your vulnerabilities