Asterisk RTP Text Frames Denial Of Service Vulnerability Network Vulnerability

Summary

This host has Asterisk installed and is prone to Denial of Service vulnerability.

Impact

Successful exploitation will let the attacker cause Denial of Service in the victim's system. Impact Level: Application

Solution

Upgrade to Asterisk version 1.6.1.2 or latest or apply the patch, http://www.asterisk.org/downloads http://downloads.asterisk.org/pub/security/AST-2009-004-1.6.1.diff.txt ***** NOTE: Please ignore the warning if the patch is applied. *****

Insight

Error in main/rtp.c file which can be exploited via an RTP text frame without a certain delimiter that triggers a NULL pointer dereference and the subsequent calculation to an invalid pointer.

Affected

Asterisk version 1.6.1 and before 1.6.1.2 on Linux.

References

http://downloads.asterisk.org/pub/security/AST-2009-004.html
http://secunia.com/advisories/36039/
http://www.vupen.com/english/advisories/2009/2067

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2651
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

ejabberd XML Parsing Denial of Service Vulnerability (Windows)
Connect back to SOCKS4 server
Crash SMC AP
Apple Safari WebKit Property Memory Leak Remote DoS Vulnerability
Compaq Web SSI DoS

Take action and discover your vulnerabilities