Asterisk Heap-Based Buffer Overflow in Skinny Channel Driver (AST-2012-005)
High Nessus Plugin ID 58905
SynopsisA telephony application running on the remote host is affected by a heap-based buffer overflow vulnerability.
DescriptionAccording to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote attacker to crash the server, or possibly inject arbitrary code by sending repeated KEYPAD_BUTTON_MESSAGE events over a Skinny channel to overflow a buffer.
SolutionUpgrade to Asterisk 126.96.36.199 / 188.8.131.52 / 10.3.1 or apply the patches listed in the Asterisk advisory.