Asterisk HTTP Manager Buffer Overflow Vulnerability

Summary
This host is running Asterisk and is prone to buffer overflow vulnerability.
Impact
Successful exploitation may allow remote attackers to execute arbitrary code within the context of the application or cause a denial of service condition. Impact Level: System/Application
Solution
Upgrade to Asterisk 1.8.10.1, 10.2.1 or later, For updates refer to http://downloads.asterisk.org/pub/security/AST-2012-003.html
Insight
The flaw is due to an error in the 'ast_parse_digest()' function (main/utils.c) in HTTP Manager, which fails to handle 'HTTP Digest Authentication' information sent via a crafted request with an overly long string.
Affected
Asterisk version 1.8.x before 1.8.10.1, 10.x before 10.2.1 and 10.3.0
References