Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Asterisk Multiple Channel Drivers Denial of Service (AST-2011-008/AST-2011-009/AST-2011-010)



The remote VoIP server is vulnerable to multiple denial of service attacks.


The version of Asterisk running on the remote host is potentially affected by multiple denial of service vulnerabilities :

- If a remote user sends a SIP packet with a null, Asterisk reads data past the null even though the buffer is actually truncated when copied, which could lead to an application crash. (AST-2011-008)

- A remote user sending a SIP packet containing a Contact header with a missing left angle bracket causes Asterisk to access a null pointer which could cause the application to crash. (AST-2011-009)

- A memory address can be inadvertently transmitted over the network via IAX2 via an option control frame which would cause the remote party to try to access it. (AST-2011-010)


Upgrade to Asterisk,,, Asterisk Business C.3.7.3, or later.