Asterisk ast_parse_digest Function HTTP Digest Authentication String Parsing Remote Overflow (AST-2012-003)
Critical Nessus Plugin ID 58433
Synopsis
A telephony application running on the remote host is affected by a buffer overflow vulnerability.
Description
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote attacker to crash the server, or possibly inject arbitrary code by sending an arbitrarily long string value for HTTP Digest Authentication.
Solution
Upgrade to Asterisk 188.8.131.52 / 10.2.1 or apply the patches listed in the Asterisk advisory.