Asterisk SIP Channel Driver (chan_sip) Unspecified Remote DoS

2006-10-30T04:33:55
ID OSVDB:29973
Type osvdb
Reporter Jesus Oquendo
Modified 2006-10-30T04:33:55

Description

Vulnerability Description

Asterisk contains a flaw that may allow a remote denial of service. The issue is triggered by unspecified errors in the SIP channel driver (chan_sip) when it handles malformed SIP packets, and results in loss of availability for the service.

Solution Description

Upgrade to version 1.0.12, 1.2.13 or higher, as these versions have been reported to fix this vulnerability. An upgrade is required because there are no known workarounds.

References:

Vendor URL: http://www.asterisk.org/
Vendor Specific News/Changelog Entry: http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13
Vendor Specific News/Changelog Entry: http://www.asterisk.org/node/109
Vendor Specific News/Changelog Entry: http://www.asterisk.org/node/110
Secunia Advisory ID: 22651
Secunia Advisory ID: 22979
Secunia Advisory ID: 22480
Related OSVDB ID: 29972
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml
Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Nov/0006.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0649.html
ISS X-Force ID: 29664
FrSIRT Advisory: ADV-2006-4098
CVE-2006-5445