Asterisk Bug in Processing SIP Packets Lets Remote Users Deny Service
|
SecurityTracker Alert ID: 1022705
|
SecurityTracker URL: http://securitytracker.com/id?1022705
|
CVE Reference: CVE-2009-2726
|
Date: Aug 11 2009
|
Impact: Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 1.6.1 prior to 1.6.1.4; previous releases also affected.
|
Description: A vulnerability was reported in Asterisk. A remote user can cause denial of service conditions.
A remote user can send specially crafted SIP packets to cause the target service to consume all available stack memory for the SIP network thread and crash.
The flaw is only exploitable in version 1.6.1 and later.
Nick Baggott of Mu Dynamics reported this vulnerability.
|
Impact: A remote user can cause the target service to crash.
|
Solution: The vendor has issued a fix (1.2.34, 1.4.26.1, 1.6.0.12, 1.6.1.4).
The vendor's advisory is available at:
http://downloads.asterisk.org/pub/security/AST-2009-005.html
|
Vendor URL: downloads.asterisk.org/pub/security/AST-2009-005.html
|
Cause: Resource error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 10 Aug 2009 22:31:13 -0400
Subject: Asterisk
|
http://downloads.asterisk.org/pub/security/AST-2009-005.html
CVE-2009-2726