Additional Asterisk Resource Exhaustion DoS Vulnerabilities

2008-10-02T00:00:00
ID SECURITYVULNS:DOC:20644
Type securityvulns
Reporter Securityvulns
Modified 2008-10-02T00:00:00

Description

Hello,

There are additional Asterisk RE Vulnerabilities. They are much like the IAX POKE vulnerability except these make Asterisk segfault ( signal 11 ) when call numbers are exhausted.

http://www.securityscraper.com/pingpoke/iaxControlNewAuthmethods.txt http://www.securityscraper.com/pingpoke/iaxControlNew.txt

The following links contain more information regarding the disclosure Digium and as well other interesting pieces of interesting information.

http://www.voip0day.com/ http://www.jeremy-mcnamara.com/2008/09/24/asterisk-remote-denial-of-service-iax-control-new/ http://www.free-press-release.com/news/200809/1222413154.html

Feel free to contact me with any questions or concerns.

Thank You,

Blake Cornell