Summary
This host is running Asterisk Server and is prone to a denial of service vulnerability.
Impact
Successful exploitation could allow remote attackers to cause a denial of service via a crafted SDP in a SIP request.
Impact Level: Application
Solution
Upgrade Asterisk Open Source to 1.8.23.1, 10.12.3, 11.5.1 or later; Certified Asterisk to 1.8.15-cert3, 11.2-cert2 or later; Asterisk Digiumphones to 10.12.3-digiumphones or later. For updates refer to http://www.asterisk.org
Insight
The flaw is an error in the SIP channel driver when handling a crafted SDP in a SIP request.
Affected
- Asterisk Open Source 1.8.x to 1.8.23.0, 10.x to 10.12.2 and 11.x to 11.5.0
- Certified Asterisk 1.8.15 to 1.8.15-cert2 and 11.2 to 11.2-cert1
- Asterisk Digiumphones 10.x-digiumphones to 10.12.2-digiumphones
Detection
Send a SIP request with invalid SDP and check whether the host is vulnerable to DoS.
Severity
Classification
- CVE: CVE-2013-5642
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P