Asterisk PBX SDP Header Overflow Vulnerability Network Vulnerability

Summary

The remote SIP server is affected by an overflow vulnerability. Description : A version of Asterisk PBX is running on the remote host. Asterisk is a complete open-source VoIP system. The application installed suffers from a remote overflow in the SIP service resulting in a denial of service. An attacker can send a malformed INVITE packet with two SDP headers, whitin the first header a existing IP address in the 'c=' variable and in the second SDP header a NOT existing IP address in 'c='. This results in a Segmentation fault in 'chan_sip.c' crashing the Asterisk PBX service.

Solution

Upgrade to Asterisk release 1.4.2/1.2.17 or newer.

References

http://bugs.digium.com/view.php?id=9321

Updated on 2017-03-28

Severity

Classification

CVE CVE-2007-1561
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Abyss httpd crash
3com switch2hub
Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Windows)
CesarFTP MKD Command Buffer Overflow
CUPS IPP Use-After-Free Denial of Service Vulnerability

Take action and discover your vulnerabilities