Mu Finds Remote DOS
Mu Security has discovered a remote DoS vulnerability in Asterisk SIP
March 9, 2007
SUNNYVALE, Calif. -- Mu Security, a pioneer in the new security analyzer market, has discovered a remote DoS vulnerability in Asterisk SIP. See: http://labs.musecurity.com/advisories.html
Affected Products/Versions: Asterisk versions 1.2.15 and 1.4.0, and earlier.
Product Overview: http://www.asterisk.org/
Asterisk is the most popular and extensible open source telephone system in the world, offering flexibility, functionality and features not available in advanced, high-end (high-cost) proprietary business systems. Asterisk is a complete IP PBX (private branch exchange) for businesses, and can be downloaded for free.
Asterisk crashes when handed an otherwise valid request message but with no URI and no SIP-version in the request-line of the message. For example, "REGISTER\r\n ". The crash is due to a null pointer dereference, and does not appear to be otherwise exploitable.
Vendor Response / Solution: Fixed in releases 1.2.16 and 1.4.1. Available from http://www.asterisk.org
History:
March 1, 2006 - First contact with vendor
March 2, 2006 - Vendor acknowledges vulnerability
March 7, 2006 - Advisory released
Credit: This vulnerability was discovered by the Mu Security research team.
http://labs.musecurity.com/pgpkey.txt
Mu Security Inc.
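The missing-field check behind this class of crash, as an added C example (not Asterisk's code or its actual fix, and not part of the advisory): a parser for the RFC 3261 request line (Method SP Request-URI SP SIP-Version CRLF) that rejects a message lacking the URI or SIP-version instead of using a field that was never set. The `request_line` struct and the `copy_token` and `parse_request_line` names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical result type for this example; not an Asterisk structure. */
struct request_line {
    char method[32];
    char uri[256];
    char version[16];
};

/* Copy the token [s, s+len) into dst; fail if it is empty or too long. */
static int copy_token(char *dst, size_t cap, const char *s, size_t len)
{
    if (len == 0 || len >= cap)
        return -1;
    memcpy(dst, s, len);
    dst[len] = '\0';
    return 0;
}

/*
 * Parse "Method SP Request-URI SP SIP-Version CRLF" (RFC 3261 Request-Line).
 * Returns 0 on success, -1 if any of the three fields is missing or
 * malformed, so the caller can answer 400 Bad Request instead of
 * touching a field that was never set.
 */
int parse_request_line(const char *msg, struct request_line *out)
{
    const char *eol, *sp1, *sp2;

    if (msg == NULL || out == NULL)
        return -1;
    eol = strstr(msg, "\r\n");
    if (eol == NULL)
        return -1;
    sp1 = memchr(msg, ' ', (size_t)(eol - msg));
    if (sp1 == NULL)                       /* "REGISTER\r\n": no URI */
        return -1;
    sp2 = memchr(sp1 + 1, ' ', (size_t)(eol - (sp1 + 1)));
    if (sp2 == NULL)                       /* URI but no SIP-version */
        return -1;
    if (copy_token(out->method, sizeof out->method, msg, (size_t)(sp1 - msg)) ||
        copy_token(out->uri, sizeof out->uri, sp1 + 1, (size_t)(sp2 - sp1 - 1)) ||
        copy_token(out->version, sizeof out->version, sp2 + 1, (size_t)(eol - sp2 - 1)))
        return -1;
    if (strcmp(out->version, "SIP/2.0") != 0)
        return -1;
    return 0;
}
```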