Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Asterisk Remote Crash Vulnerability in Skinny Channel Driver (AST-2012-009)



The remote VoIP server is vulnerable to a denial of service attack.


According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote attacker to crash the server. This issue may be exploited when the attacker has a valid SCCP (Skinny) ID and closes a connection when in certain call states. A null pointer is left behind and can cause the server to crash when the pointer is later dereferenced.


Upgrade to Asterisk 10.5.1 or apply the patches listed in the Asterisk advisory