SecurityTracker: Asterisk Can Be Crashed By Remote Users With an Unexpected SIP Response Code

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker Alert ID: 1017809

SecurityTracker URL: http://securitytracker.com/id/1017809

CVE Reference: CVE-2007-1594 (Links to External Site)

Updated: Apr 2 2007

Original Entry Date: Mar 22 2007

Impact: Denial of service via network

Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes

Version(s): 1.4 prior to 1.4.2

Description: A vulnerability was reported in Asterisk. A remote user can cause denial of service conditions.

A remote system can send a specially crafted SIP packet (SIP Response code 0) to cause the target service to crash.

qwerty1979 reported this vulnerability.

Impact: A remote user can cause the target service to crash.

Solution: The vendor has issued a fixed version (1.4.2).

The Asterisk advisory is available at:

http://www.sineapps.com/news.php?rssid=1707

Vendor URL: www.asterisk.org/ (Links to External Site)

Cause: Exception handling error

Underlying OS: Linux (Any), UNIX (Any)

Message History: None.

Date: Thu, 22 Mar 2007 00:59:23 -0500
Subject: Asterisk


http://bugs.digium.com/view.php?id=9313

> Asterisk segfaults upon receipt of a certain SIP packet (SIP Response code 0)