Asterisk RTP Port Release Bug Lets Remote Users Deny Service

SecurityTracker Alert ID: 1027221
SecurityTracker URL: http://securitytracker.com/id/1027221
CVE Reference: GENERIC-MAP-NOMATCH
Date: Jul 5 2012
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 1.8.x, 10.x, C.3.x

Description:
A vulnerability was reported in Asterisk. A remote authenticated user can cause denial of service conditions.
A remote authenticated user can respond to a re-INVITE with a provisional response and never send a final response, causing the remote system to fail to release the RTP port. This can be exploited to consume all available RTP ports on the target system.
Steve Davies reported this vulnerability.
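
A defender-side check for the condition described above, as an added example that is not part of the SecurityTracker or vendor advisory: it scans a SIP message trace for re-INVITEs that drew a provisional response but never a final one. The trace format, the peer names and the 120-second threshold are assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed trace, one SIP message per line (hypothetical format, not Asterisk's):
# time, direction seen from the server, peer, Call-ID, To tag ("-" if none),
# CSeq number, then the request method or response status code.
TRACE = """\
10:00:00 TX alice call-a -    1 INVITE
10:00:01 RX alice call-a t1   1 200
10:05:00 TX alice call-a t1   2 INVITE
10:05:00 RX alice call-a t1   2 100
10:05:01 RX alice call-a t1   2 200
10:06:00 TX bob   call-b t2   7 INVITE
10:06:00 RX bob   call-b t2   7 183
10:06:30 TX bob   call-c t3   4 INVITE
10:06:31 RX bob   call-c t3   4 180
10:09:00 TX carol call-d t4   3 INVITE
"""

def stalled_reinvites(trace, now, max_wait=timedelta(seconds=120)):
    """Return (peer, call_id, cseq) for re-INVITEs that drew a provisional
    response but no final response within max_wait (assumed threshold)."""
    pending = {}  # (call_id, cseq) -> [peer, sent_at, saw_provisional]
    for line in trace.splitlines():
        if not line.strip():
            continue
        ts, direction, peer, call_id, to_tag, cseq, what = line.split()
        key = (call_id, cseq)
        sent_at = datetime.strptime(ts, "%H:%M:%S")
        if direction == "TX" and what == "INVITE" and to_tag != "-":
            # An INVITE carrying a To tag is inside an existing dialog: a re-INVITE.
            pending[key] = [peer, sent_at, False]
        elif direction == "RX" and what.isdigit() and key in pending:
            if 100 <= int(what) < 200:
                pending[key][2] = True   # provisional: transaction stays open
            else:
                del pending[key]         # final response closes the transaction
    return sorted((peer, cid, cseq) for (cid, cseq), (peer, sent, prov)
                  in pending.items() if prov and now - sent > max_wait)

def stalled_per_peer(trace, now):
    """Count stalled re-INVITEs per peer; a growing count is the signal."""
    return Counter(peer for peer, _, _ in stalled_reinvites(trace, now))

if __name__ == "__main__":
    now = datetime.strptime("10:15:00", "%H:%M:%S")
    for hit in stalled_reinvites(TRACE, now):
        print("stalled re-INVITE:", hit)
```

A per-peer count that keeps rising, rather than a single stalled transaction, is what indicates RTP ports are being held open.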

Impact:
A remote authenticated user can cause the connected target system to consume all available RTP ports.

Solution:
The vendor has issued a fix (1.8.13.1, 10.5.2, C.3.7.5).
The vendor's advisory is available at:
http://downloads.asterisk.org/pub/security/AST-2012-010.html

Vendor URL: downloads.asterisk.org/pub/security/AST-2012-010.html

Cause: Resource error

Underlying OS: Linux (Any), UNIX (Any)

Message History: None.

Source Message Contents

Date: Thu, 05 Jul 2012 21:44:05 +0000
Subject: Asterisk

http://downloads.asterisk.org/pub/security/AST-2012-010.html