
Asterisk Remote Crash Vulnerability in Skinny Channel Driver (AST-2012-009)

Medium

Synopsis

The remote VoIP server is vulnerable to a denial of service attack.

Description

According to its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote attacker to crash the server. The issue may be exploited when an attacker who has a valid SCCP (Skinny) ID closes a connection while in certain call states. This leaves a null pointer behind, and the server can crash when that pointer is later dereferenced.

Solution

Upgrade to Asterisk 10.5.1 or apply the patches listed in the Asterisk advisory.