Asterisk SIP Remote Authentication Bypass

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

It is possible to bypass authentication and make calls using the
remote VoIP service.

Description :

The version of Asterisk running on the remote host allows
unauthenticated calls through its SIP channel driver (chan_sip). By
sending an INVITE with a specially crafted From header, a remote
attacker can bypass authentication and place calls into the context
named by the 'context' option in the [general] section of 'sip.conf',
the context that unauthenticated (guest) calls normally land in. Any
extension reachable from that context, including any that dial out, is
therefore reachable without credentials.
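The description above says where the bypassed calls end up: the context set in the [general] section of sip.conf. The following is an added example (not part of the Tenable plugin or of Asterisk) that parses that file and reports the exposed context and the allowguest setting, so a reviewer can see the blast radius of the bug on a given box. The sample sip.conf is constructed for the example; the defaults assumed when a key is absent (context 'default', allowguest 'yes') are those of the sample sip.conf shipped with Asterisk 1.4, and the parser handles only the INI-like subset of Asterisk's config syntax (sections, key=value / key=>value, ';' comments).

```python
import re

# Constructed sample sip.conf for this example; not a real deployment.
SAMPLE_SIP_CONF = """\
[general]
context=default          ; unauthenticated calls are placed here
allowguest=yes           ; the shipped default
bindport=5060
pedantic=no

[1001]
type=friend
secret=s3cret
context=internal
"""

_SECTION_RE = re.compile(r"^\[([^\]]+)\]")
_KV_RE = re.compile(r"^([^=;]+?)\s*=>?\s*(.*?)\s*$")


def parse_asterisk_conf(text):
    """Minimal parser for Asterisk's INI-like files: [section] headers,
    key=value or key=>value lines, ';' comments.  A key that appears twice
    in a section keeps its last value."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments
        if not line:
            continue
        m = _SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        m = _KV_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1).strip().lower()] = m.group(2)
    return sections


def guest_exposure(text):
    """Report what an unauthenticated INVITE reaches: the [general] context
    and whether guest calls are enabled.  Missing keys fall back to the
    sample-config defaults (assumption: context 'default', allowguest yes)."""
    general = parse_asterisk_conf(text).get("general", {})
    context = general.get("context", "default")
    allowguest = general.get("allowguest", "yes").lower() not in (
        "no", "false", "0", "off")
    return {"context": context, "allowguest": allowguest}
```

The check tells you which dialplan context an attacker lands in; review that context in extensions.conf for anything that dials out. The advisory text on this page does not say whether allowguest=no stops the crafted-From-header bypass, so treat the upgrade in the Solution as the fix and this as a blast-radius review, not a mitigation.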

See also :

http://www.securityfocus.com/archive/1/489818/100/0/threaded
http://downloads.digium.com/pub/security/AST-2008-003.html
http://www.nessus.org/u?9367816e

Solution :

Upgrade to Asterisk 1.2.27 / 1.4.18.1 / 1.4.19-rc3 / 1.6.0-beta6,
Asterisk Business Edition B.2.5.1 / C.1.6.2, AsteriskNOW 1.0.2, Asterisk
Appliance Developer Kit 1.4 revision 109393, s800i (Asterisk Appliance)
1.1.0.2 or later.
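The fixed releases above are awkward to compare mechanically because the 1.4.19 release-candidate and 1.6.0 beta series were fixed separately from the 1.4.x point releases (1.4.19-rc2 is vulnerable although it sorts after 1.4.18.1). The following is an added example, not the plugin's own NASL code, that encodes the open-source fixed versions from the Solution and decides whether a reported version predates its fix. It assumes the version is read from a SIP User-Agent or Server header of the form "Asterisk PBX <version>"; that banner format, and the 'None' result for lines the Solution does not list (such as 1.0.x), are this example's own choices. The Business Edition, AsteriskNOW and appliance versions are not modelled.

```python
import re

# Fixed open-source releases taken from the Solution above.  A version's
# "line" is (major, minor) for a final release, but (major, minor, patch)
# for a beta/rc whose pre-release series received its own fix.
FIXED = {
    (1, 2): "1.2.27",
    (1, 4): "1.4.18.1",
    (1, 4, 19): "1.4.19-rc3",
    (1, 6): "1.6.0-beta6",
    (1, 6, 0): "1.6.0-beta6",
}

_STAGE = {"beta": 0, "rc": 1}   # beta < rc < final
_FINAL = 2
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(beta|rc)(\d+))?$")
# Assumed banner format: "User-Agent: Asterisk PBX 1.4.17".
_BANNER_RE = re.compile(r"Asterisk PBX (\d[\w.\-]*)")


def parse_version(text):
    """'1.4.19-rc3' -> ((1, 4, 19, 0), 1, 3).  Numbers are padded to four
    fields so 1.4.18 sorts below 1.4.18.1; a final release (stage 2) sorts
    above every beta/rc carrying the same number."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised Asterisk version: %r" % text)
    nums = tuple(int(x) for x in m.group(1).split("."))
    nums = (nums + (0, 0, 0, 0))[:4]
    if m.group(2):
        return (nums, _STAGE[m.group(2)], int(m.group(3)))
    return (nums, _FINAL, 0)


def is_vulnerable(text):
    """True if the release predates the fix on its line, False if it is
    fixed, None if the Solution names no fixed release for that line."""
    nums, stage, n = parse_version(text)
    # A beta/rc checks against its own series only when that series has an
    # entry; otherwise it falls back to the branch rule.
    line = nums[:3] if stage != _FINAL and nums[:3] in FIXED else nums[:2]
    if line not in FIXED:
        return None
    return (nums, stage, n) < parse_version(FIXED[line])


def version_from_banner(header_line):
    """Pull the version out of a SIP User-Agent/Server header (assumed format)."""
    m = _BANNER_RE.search(header_line)
    return m.group(1) if m else None
```

The pre-release handling is the part worth copying: a plain lexical or dotted-number comparison would mark 1.4.19-rc1 as fixed because it is "newer" than 1.4.18.1, which is exactly the case the Solution's separate 1.4.19-rc3 entry exists to catch.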

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 32135 (asterisk_sip_auth_bypass.nasl)

Bugtraq ID: 28310

CVE ID: CVE-2008-1332