Summary
The host contains a service that is prone to a remote buffer overflow.
Description
The remote host appears to be running Asterisk PBX, an open-source telephone system.
The application suffers from a null pointer dereference overflow in the SIP service. By sending a malformed SIP packet with no URI and no version in the request, an attacker can trigger a Denial of Service and shut down the application, resulting in a loss of availability.
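For illustration of the bug class described above, the following added example (not Asterisk's code and not part of the original advisory) validates a SIP request line and checks every token pointer before use, so a line missing the Request-URI or SIP-Version is rejected rather than dereferenced. The function name, result codes and sample datagrams are assumptions constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Result codes of the hypothetical validator. */
enum sip_check { SIP_OK, SIP_EMPTY, SIP_NO_URI, SIP_NO_VERSION, SIP_BAD_VERSION, SIP_TOO_LONG };

/* Return the next space-delimited token in *cursor, or NULL when none is left. */
static char *next_token(char **cursor)
{
    char *p = *cursor + strspn(*cursor, " ");
    if (*p == '\0') { *cursor = p; return NULL; }
    char *start = p;
    p += strcspn(p, " ");
    if (*p != '\0') *p++ = '\0';
    *cursor = p;
    return start;
}

/* Validate "METHOD SP Request-URI SP SIP-Version" (requests only, RFC 3261 layout).
 * A parser that assumed all three tokens exist would pass NULL to strcmp() here. */
enum sip_check check_request_line(const char *datagram)
{
    char line[256];
    size_t n = strcspn(datagram, "\r\n");      /* length of the first line */
    if (n >= sizeof(line)) return SIP_TOO_LONG;
    memcpy(line, datagram, n);
    line[n] = '\0';

    char *cursor = line;
    char *method  = next_token(&cursor);
    char *uri     = next_token(&cursor);
    char *version = next_token(&cursor);

    if (method == NULL)  return SIP_EMPTY;
    if (uri == NULL)     return SIP_NO_URI;      /* method only: no URI, no version */
    if (version == NULL) return SIP_NO_VERSION;
    if (strcmp(version, "SIP/2.0") != 0) return SIP_BAD_VERSION;
    return SIP_OK;
}

int main(void)
{
    /* Constructed sample datagrams, not captured traffic. */
    const char *samples[] = { "INVITE sip:bob@example.com SIP/2.0\r\nVia: x\r\n",
                              "INVITE\r\n\r\n", "INVITE sip:bob@example.com\r\n" };
    for (size_t i = 0; i < 3; i++)
        printf("sample %zu -> %d\n", i, (int)check_request_line(samples[i]));
    return 0;
}
```

The same check can run at a SIP-aware proxy or border controller in front of hosts that cannot be upgraded immediately, dropping requests that return anything other than SIP_OK.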
Solution
Upgrade to Asterisk PBX release 1.4.1 or 1.2.16.
Severity
Classification
CVE: CVE-2007-1306
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C