icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Asterisk SIP Channel Driver Denial of Service (AST-2011-007)

Medium

Synopsis

The remote VoIP server is vulnerable to a denial of service attack.

Description

The version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. If a remote attacker initiates a SIP call and the recipient picks up, the remote user can reply with a malformed Contact header that will cause Asterisk to crash.

Solution

Upgrade to Asterisk 1.8.4.2 or later.