The remote SIP server is affected by an overflow vulnerability. Description : A version of Asterisk PBX is running on the remote host. Asterisk is a complete open-source VoIP system. The application installed suffers from a remote overflow in the SIP service resulting in a denial of service. An attacker can send a malformed INVITE packet with two SDP headers, whitin the first header a existing IP address in the 'c=' variable and in the second SDP header a NOT existing IP address in 'c='. This results in a Segmentation fault in 'chan_sip.c' crashing the Asterisk PBX service.
Upgrade to Asterisk release 1.4.2/1.2.17 or newer.
Updated on 2017-03-28