Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Asterisk SIP Channel Driver Denial of Service (AST-2011-007)

Medium

Synopsis

The remote VoIP server is vulnerable to a denial of service attack.

Description

The version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. If a remote attacker initiates a SIP call and the recipient picks up, the remote user can reply with a malformed Contact header that will cause Asterisk to crash.

Solution

Upgrade to Asterisk 1.8.4.2 or later.