Asterisk SIP Channel Driver Invalid SDP Denial of Service (AST-2013-005)
Medium Nessus Plugin ID 69559
SynopsisA telephony application running on the remote host is affected by a denial of service vulnerability.
DescriptionAccording to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability.
The application does not properly handle an invalid SDP in a SIP request if such a request defines media descriptions and then defines connection data.
SolutionUpgrade to Asterisk 184.108.40.206 / 10.12.3 / 11.5.1 / Certified Asterisk 1.8.15-cert3 / 11.2-cert2, or apply the appropriate patch listed in the Asterisk advisory.