
Asterisk Multiple Vulnerabilities (AST-2011-005/AST-2011-006)

Medium

Synopsis

The remote VoIP server is vulnerable to multiple attack vectors.

Description

The version of Asterisk running on the remote host is potentially affected by multiple issues:

- On systems that have the Asterisk Manager interface, Skinny, SIP over TCP, or the built-in HTTP server enabled, an attacker can open as many connections to Asterisk as he wishes, which causes Asterisk to run out of available file descriptors and stop processing new calls. (AST-2011-005)

- It is possible for a user to bypass a security check and execute shell commands without being authorized to do so. Note that only users with the 'system' privilege should be able to do this. (AST-2011-006)

Solution

Upgrade to Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, 1.8.3.3, Business Edition C.3.6.4, or later.
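
A version check against the fixed releases listed above, as an added example that is not part of the original advisory. Grouping the fixed releases by branch prefix, the `classify` and `parse` helpers, and the banner strings are assumptions of this example; "outdated" only means the version is below the fixed release for its branch.

```python
import re

# Fixed releases from the Solution line, keyed by release branch prefix.
# Treating each prefix as an independent branch is an assumption of this example.
FIXED_BY_BRANCH = {
    "1.4": "1.4.40.1",
    "1.6.1": "1.6.1.25",
    "1.6.2": "1.6.2.17.3",
    "1.8": "1.8.3.3",
    "C.3": "C.3.6.4",  # Business Edition
}

VERSION_RE = re.compile(r"(?:Asterisk\s+)?((?:C\.)?\d+(?:\.\d+)*)(.*)", re.I)


def parse(banner):
    """Return (edition, numeric tuple, suffix), or None if no version is found."""
    m = VERSION_RE.match(banner.strip())
    if not m:
        return None
    core, suffix = m.group(1), m.group(2).strip()
    edition = "C" if core.upper().startswith("C.") else ""
    digits = core[2:] if edition else core
    return edition, tuple(int(p) for p in digits.split(".")), suffix


def classify(banner):
    """Return 'fixed', 'outdated', or 'unlisted' for a version banner."""
    parsed = parse(banner)
    if parsed is None:
        return "unlisted"
    edition, nums, suffix = parsed
    for branch, fixed in FIXED_BY_BRANCH.items():
        b_edition, b_nums, _ = parse(branch)
        if edition == b_edition and nums[:len(b_nums)] == b_nums:
            f_nums = parse(fixed)[1]
            # A pre-release of the fixed version (e.g. "-rc1") predates the fix.
            prerelease = bool(re.match(r"[-~]?(rc|beta|alpha)", suffix, re.I))
            if nums > f_nums or (nums == f_nums and not prerelease):
                return "fixed"
            return "outdated"
    return "unlisted"  # branch not named in the advisory: check manually


if __name__ == "__main__":
    # Constructed sample banners, not output from a real host.
    for b in ["Asterisk 1.8.3.2", "Asterisk 1.6.2.17.3", "C.3.6.3", "1.6.0.5"]:
        print(f"{b:22} {classify(b)}")
```

Versions on branches the advisory does not name are reported as "unlisted" rather than guessed.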