Asterisk Malformed SIP INVITE Request DoS

2007-03-21T09:04:09
ID OSVDB:34479
Type osvdb
Reporter Olivier Festor(), Radu State(), Humberto J. Abdelnur()
Modified 2007-03-21T09:04:09

Description

Vulnerability Description

Asterisk PBX contains a flaw that may allow a remote denial of service. The issue is triggered when a malformed SIP INVITE message containing two SDP headers is sent to the affected application. To exploit this issue, the first header must contain a valid IP address where the second must contain an invalid one. This will result in loss of availability for the asterisk service.

Technical Description

This vulnerability is only present if the SIP service accepts unauthenticated requests or proper authentication is provided.

Solution Description

Upgrade to version 1.2.17 or 1.4.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Asterisk PBX contains a flaw that may allow a remote denial of service. The issue is triggered when a malformed SIP INVITE message containing two SDP headers is sent to the affected application. To exploit this issue, the first header must contain a valid IP address where the second must contain an invalid one. This will result in loss of availability for the asterisk service.

References:

Vendor Specific News/Changelog Entry: http://asterisk.org/node/48339 Security Tracker: 1017794 Secunia Advisory ID:24564 Secunia Advisory ID:24719 Secunia Advisory ID:25582 Secunia Advisory ID:26602 Other Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00120.html Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200704-01.xml Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Jun/0003.html Other Advisory URL: http://www.sineapps.com/news.php?rssid=1707 Other Advisory URL: http://security.gentoo.org/glsa/glsa-200704-01.xml Mail List Post: http://seclists.org/fulldisclosure/2007/Mar/0315.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0358.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0299.html Mail List Post: http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html ISS X-Force ID: 33068 Generic Exploit URL: http://milw0rm.com/exploits/3566 FrSIRT Advisory: ADV-2007-1039 CVE-2007-1561 Bugtraq ID: 23031