Summary
Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in the SIP processing code of Asterisk, an open source PBX and telephony toolkit, which could result in denial of service.
Solution
For the oldstable distribution (squeeze), these problems have been fixed in version 1:1.6.2.9-2+squeeze11.
For the stable distribution (wheezy), these problems have been fixed in version 1.8.13.1~dfsg-3+deb7u1.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your asterisk packages.
Insight
Asterisk is an Open Source PBX and telephony toolkit. It is, in a sense, middleware between Internet and telephony channels on the bottom, and Internet and telephony applications at the top.
Affected
asterisk on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2013-5641, CVE-2013-5642
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P