Asterisk Heap-Based Buffer Overflow in Skinny Channel Driver (AST-2012-005)
High
Nessus Plugin ID 58905
Synopsis
A telephony application running on the remote host is affected by a heap-based buffer overflow vulnerability.
Description
According to the version in its SIP banner, the Asterisk installation running on the remote host is potentially affected by a vulnerability that could allow a remote attacker to crash the server, or possibly inject arbitrary code, by sending repeated KEYPAD_BUTTON_MESSAGE events over a Skinny channel to overflow a buffer.
Solution
Upgrade to Asterisk 22.214.171.124 / 126.96.36.199 / 10.3.1 or apply the patches listed in the Asterisk advisory.