Summary
This host has Asterisk installed and is prone to a Denial of Service vulnerability.
Impact
Successful exploitation will let the attacker cause a Denial of Service on the victim's system.
Impact Level: Application
Solution
Upgrade to Asterisk version 1.6.1.2 or the latest version (http://www.asterisk.org/downloads), or apply the patch:
http://downloads.asterisk.org/pub/security/AST-2009-004-1.6.1.diff.txt
*****
NOTE: Please ignore the warning if the patch is applied.
*****
Insight
The flaw is an error in the main/rtp.c file. It can be exploited via an RTP text frame that lacks a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.
Affected
Asterisk version 1.6.1 and before 1.6.1.2 on Linux.
Severity
Classification
CVE: CVE-2009-2651
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P