
Asterisk SIP Channel Driver ACK with SDP Denial of Service (AST-2013-004)

Medium

Synopsis

The remote VoIP server is affected by a denial of service vulnerability.

Description

According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. The application does not properly handle 'ACK' messages with SDP after a channel has been closed.

Solution

Upgrade to Asterisk 1.8.23.1 / 11.5.1 / Certified Asterisk 1.8.15-cert3 / 11.2-cert2, or apply the appropriate patch listed in the Asterisk advisory.
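
The banner-based check described above can be reproduced for an asset inventory. The following is an added example, not code from the scanner plugin or the Asterisk project. It assumes the default `Asterisk PBX <version>` string in the `Server` or `User-Agent` header, and the function names and result labels are hypothetical. It only compares against the fixed releases listed in the Solution and does not model which earlier releases first introduced the flaw.

```python
import re

# Fixed releases from the Solution section, keyed by (branch, is_certified).
FIXED = {
    ("1.8", False): "1.8.23.1",
    ("11", False): "11.5.1",
    ("1.8", True): "1.8.15-cert3",
    ("11", True): "11.2-cert2",
}

# Assumption: banner uses the default "Asterisk PBX <version>" form.
BANNER_RE = re.compile(r"^(?:Server|User-Agent):\s*Asterisk PBX\s+(\S+)", re.I | re.M)
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-cert(\d+))?")

def parse_version(text):
    """Return ((major, minor, ...), cert_number_or_None), or None if unparseable."""
    m = VERSION_RE.match(text)
    if not m:
        return None
    nums = tuple(int(p) for p in m.group(1).split("."))
    return nums, (int(m.group(2)) if m.group(2) else None)

def check_banner(sip_message):
    """Classify a SIP message by the Asterisk version in its banner header."""
    m = BANNER_RE.search(sip_message)
    parsed = parse_version(m.group(1)) if m else None
    if parsed is None:
        return "unknown"  # no banner, custom banner, or non-numeric build string
    nums, cert = parsed
    branch = "1.8" if nums[:2] == (1, 8) else str(nums[0])
    fixed = FIXED.get((branch, cert is not None))
    if fixed is None:
        return "unknown"  # branch has no fixed release named on this page
    fixed_nums, fixed_cert = parse_version(fixed)
    if (nums, cert or 0) < (fixed_nums, fixed_cert or 0):
        return "below-fixed"
    return "at-or-above-fixed"

# Constructed sample: a SIP OPTIONS response from a documentation-range address.
SAMPLE = (
    "SIP/2.0 200 OK\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-constructed\r\n"
    "Server: Asterisk PBX 1.8.20.0\r\n"
    "Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    print(check_banner(SAMPLE))
```

Because the result depends only on the banner, a host fixed by applying the advisory's patch rather than upgrading still reports its old version and is flagged; confirm such hosts by checking the build itself.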