Asterisk PBX SDP Header Overflow Vulnerability

Summary
The remote SIP server is affected by an overflow vulnerability.
Description
A version of Asterisk PBX is running on the remote host. Asterisk is a complete open-source VoIP system. The installed application suffers from a remote overflow in the SIP service that results in a denial of service. An attacker can send a malformed INVITE packet with two SDP headers: the first carries an existing IP address in its 'c=' variable, and the second carries a non-existing IP address in 'c='. This causes a segmentation fault in 'chan_sip.c', crashing the Asterisk PBX service.
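A detection-side sketch of the condition described above, added here as an example and not taken from the advisory or from Asterisk: it parses an INVITE and flags a body that holds more than one SDP description. It assumes "two SDP headers" means two 'v='-delimited descriptions in one body; the function names and the sample messages are constructed for illustration.

```python
def split_sip(raw):
    """Split a raw SIP message into (start line, lower-cased headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def sdp_connections(body):
    """One list per SDP description (each starts at 'v='), holding the
    connection addresses from that description's 'c=' lines."""
    sessions = []
    for line in body.split("\n"):
        line = line.strip()
        if line.startswith("v="):
            sessions.append([])
        elif line.startswith("c=") and sessions:
            # c=<nettype> <addrtype> <connection-address>
            fields = line[2:].split()
            sessions[-1].append(fields[2] if len(fields) == 3 else line[2:])
    return sessions

def inspect_invite(raw):
    """Return a finding dict for an INVITE carrying SDP, else None."""
    start, headers, body = split_sip(raw)
    ctype = headers.get("content-type", "").lower()
    if not start.startswith("INVITE ") or not ctype.startswith("application/sdp"):
        return None
    sessions = sdp_connections(body)
    # A well-formed application/sdp body holds exactly one description.
    return {"descriptions": len(sessions), "connections": sessions,
            "suspicious": len(sessions) > 1}

# Constructed sample data; addresses are RFC 5737 documentation ranges.
HEAD = ["INVITE sip:100@pbx.example.test SIP/2.0",
        "Content-Type: application/sdp", ""]
SDP_A = ["v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-",
         "c=IN IP4 192.0.2.10", "t=0 0", "m=audio 4000 RTP/AVP 0"]
SDP_B = ["v=0", "o=- 2 2 IN IP4 203.0.113.77", "s=-",
         "c=IN IP4 203.0.113.77", "t=0 0", "m=audio 4002 RTP/AVP 0"]
NORMAL = "\r\n".join(HEAD + SDP_A)
DOUBLED = "\r\n".join(HEAD + SDP_A + SDP_B)

if __name__ == "__main__":
    for name, msg in (("normal", NORMAL), ("doubled", DOUBLED)):
        print(name, inspect_invite(msg))
```

A match is only a reason to inspect the sender; upgrading as described under Solution is what removes the crash.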
Solution
Upgrade to Asterisk release 1.4.2/1.2.17 or newer.
References