Product | Asterisk |
Summary | Remote Crash Vulnerability in SIP channel driver |
Nature of Advisory | Remote attacker can crash an Asterisk server |
Susceptibility | Remote Unauthenticated Sessions |
Severity | Critical |
Exploits Known | Yes |
Reported On | 06/13/2011 |
Reported By | jaredmauch |
Posted On | 06/23/2011 |
Last Updated On | June 23, 2011 |
Advisory Contact | Paul Belanger pabelanger@digium.com |
CVE Name | CVE Requested |
Description | A remote user sending a SIP packet containing a Contact header with a missing left angle bracket (<) causes Asterisk to access a null pointer. |
Resolution | Asterisk now warns the user of the missing bracket and continues processing. Available workarounds are to disable chan_sip or to upgrade. |
Affected Versions | ||
Product | Release Series | |
Asterisk Open Source | 1.8.x | All |
Corrected In | |
Product | Release |
Asterisk Open Source 1.8.x | 1.8.4.3 |
Patches | |
SVN URL | Revision |
http://downloads.asterisk.org/pub/security/AST-2011-009.diff | 1.8 |
Asterisk Project Security Advisories are posted at http://www.asterisk.org/security. This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2011-009.pdf and http://downloads.digium.com/pub/security/AST-2011-009.html |
Revision History | ||
Date | Editor | Revisions Made |
06/20/2011 | Kinsey Moore | Initial Release |
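
The behaviour described in the Description and Resolution rows (check for the missing left angle bracket, warn, continue processing) is sketched below as an added example. It is not the Asterisk patch or chan_sip code; the function name contact_uri, its return codes and the sample header values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not an Asterisk function): copy the URI of a Contact
 * header value into out. Returns 0 if it was enclosed in <...>, 1 if the
 * left bracket was missing (warned, bare value used), -1 on bad input. */
int contact_uri(const char *value, char *out, size_t outlen)
{
    const char *start, *end;
    size_t len;
    int rc = 0;

    if (!value || !out || outlen == 0)
        return -1;
    start = strchr(value, '<');
    if (start) {
        start++;                               /* skip '<' */
        end = start + strcspn(start, ">");     /* tolerate a missing '>' */
    } else {
        /* Unchecked code would dereference start here while it is NULL. */
        fprintf(stderr, "WARNING: no '<' in Contact: %s\n", value);
        start = value + strspn(value, " \t");  /* skip leading whitespace */
        end = start + strcspn(start, ">;");    /* stray '>' or parameters */
        rc = 1;
    }
    len = (size_t)(end - start);
    if (len >= outlen)
        return -1;                             /* refuse to truncate */
    memcpy(out, start, len);
    out[len] = '\0';
    return rc;
}

int main(void)
{
    /* Constructed sample values, not captured traffic. */
    const char *samples[] = {
        "<sip:alice@192.0.2.10:5060>;expires=60",
        "sip:alice@192.0.2.10:5060>",
    };
    char uri[64];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = contact_uri(samples[i], uri, sizeof uri);
        printf("rc=%d uri=%s\n", rc, rc < 0 ? "(rejected)" : uri);
    }
    return 0;
}
```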