Asterisk Multiple Caller Simultaneous Voicemail Account Manipulation Double-free Remote DoS (AST-2012-011)
Medium Nessus Plugin ID 60065
Synopsis
A telephony application running on the remote host is affected by a denial of service vulnerability.
Description
According to the version in its SIP banner, the Asterisk installation running on the remote host is potentially affected by a vulnerability that could allow a remote, authenticated attacker to crash the server.
If two remote users interact with a single voicemail account in unspecified ways, a double-free vulnerability can corrupt memory, which can in turn crash the application.
Solution
Upgrade to Asterisk 18.104.22.168 / 10.5.2, Certified Asterisk 1.8.11-cert4 or apply the patches listed in the Asterisk advisory.